St. Louis-based Washington University School of Medicine notified patients that a data breach had potentially exposed some of their personal health information.
According to Washington University School of Medicine's website, the health system learned that an unauthorized person gained access to certain employee email accounts between March 4 and March 28.
An investigation conducted March 24 was unable to determine whether the individual viewed any of the emails or attachments in the accounts, however, the health system did identify that the emails contained patient and research participant information, including names, dates of birth, addresses, medical records, patient account numbers and clinical information.
In some instances, health insurance information and Social Security numbers were also identified in the accounts.
To be safe, Washington University School of Medicine has begun mailing letters to individuals whose information was identified in the affected email accounts.
The health system did not identify how many patients were affected, but has implemented mitigations such as making enhancements to its email security and reinforcing training with its staff on how to identify and avoid suspicious emails.