Washington University School of Medicine is committed to protecting the security and confidentiality of our patients ’ information . We regret , however , that information about some of our patients may have been accessed Attack.Databreach by an unauthorized third party due to an email “ phishing ” incident . On January 24 , 2017 , the medical school learned that some of its employees responded to a Dec 2 , 2016 , “ phishing ” email , believing it to be a legitimate request . A “ phishing ” email is designed to look like Attack.Phishing a legitimate email but tricks Attack.Phishing the recipient into taking some action , such as providing login credentials . Upon learning of the incident , we secured the email accounts and began an investigation . The investigation could not rule out that an unauthorized third party may have gained access Attack.Databreach to some employees ’ email accounts . We conducted a detailed review of the employees ’ email accounts and confirmed that some of the emails contained patient information , which may have included names , birth dates , medical record numbers , diagnosis and treatment information , other clinical information , and in some instances Social Security numbers . We reported the phishing incident Attack.Phishing to law enforcement and are cooperating with the investigation . We have no indication that the information in the emails has been misused . However , as a precaution , we began mailing letters to affected patients on March 24 , 2017 , and have established a dedicated call center to answer any questions patients may have . If you believe you may be affected and have not received a letter by April 24 , 2017 , or if you have any questions regarding this incident , please call 844-641-5630 . The call center is open Monday through Friday from 9 a.m. to 5 p.m. central time . We regret any inconvenience this incident may have caused our patients . To help prevent such incidents in the future , we are reinforcing education with our staff and faculty of existing protocols and university resources regarding “ phishing ” emails . We also are reviewing enhancements to strengthen our business practices and user login authentication process .