Impacted people are now being made aware of the breach and individuals whose Social Security numbers were potentially stolen have been provided with free membership to credit monitoring and identity protection services.
Washington University School of Medicine has implemented measures to enhance email security and has reinforced education with its staff to help them spot suspicious emails.
Doctors Community Medical Center Suffers Data Breach
Doctors Community Medical Center in Maryland has also been attacked and is making certain patients aware of a breach that may have affected their protected health information.
The data breach was first noticed in January 2020 when suspicious activity was detected in its payroll system. An investigation into the breach showed a small number of employees had been tricked by phishing emails and had shared their account credentials with the attackers. Along with gaining access to the employees’ email accounts, the hackers also had access to employee payroll information.
The investigation showed that the first accounts were breached on November 6, 2019, with access possible until January 30, 2020. Around February 13, 2020, Doctors Community Medical Center revealed that some of the compromised email accounts contained datasheets that included patient information.
A forensic investigation carried out by third-party investigators was unable to confirm if patient data had been accessed, copied, or shared, although no reports have been received to suggest patient information has been improperly used. Unauthorized data access was not confirmed but it was a possibility, so patients have been notified and offered complimentary credit monitoring and identity restoration services.
The range of information that was potentially compromised includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, military identification details, financial account information, diagnoses, treatment information, prescription data, provider names, medical record numbers, patient IDs, Medicare/Medicaid numbers, health insurance information, treatment cost information, and access details.
The health system is updating its policies and procedures and extra safeguards will be implemented to prevent attacks in the future.