A Washington University School of Medicine employee fell victim to a phishing attack that may have compromised 80,270 patient records.
The medical school learned of the incident on Jan. 24 — seven weeks after the phishing attack occurred on Dec. 2, officials said in a statement. The employee responded to a phishing email designed to look like a legitimate request.
As a result, an unauthorized party may have gained access to employee email accounts, which contained patient information including names, birth dates, medical record numbers, diagnosis, treatment and some included Social Security information.