Phishing Scam Compromises Health Information of 3,000 SLU Employees, Patients
ST. LOUIS, Mo. (KMOX) – This week University officials sent out notification letters regarding a data security breach that compromised the health information of 3,000 Saint Louis University employees and patients.
The University first discovered the problem August 8th, two weeks after several SLU employees provided their account information in response to a sophisticated phishing email scam.
David Hakanson, Vice President and Chief Information Officer at Saint Louis University said about 10 employees had direct deposit information changed from the scam, but no unauthorized financial transactions occurred.
He said at this time, they believe the main target of this scam was the financial information of University employees.
Hakanson said the scam also breached about 20 SLU email accounts that contained the personal health information of approximately 3,000 people. (It is important to note that the University’s Electronic Health Record system was not accessed by the unknown party.) These email accounts also contained approximately 200 Social Security numbers.
Some of the individuals whose information was included in the emails were patients treated or reviewed by a SLU physician at a partner facility, and the University is working with those organizations in its response efforts.
Hakanson said scammer could have gain access to more information if the university didn’t have certain safe guards in place.
“We have an automated email in place as soon as direct deposit information is changed in anyway,” he said. “Because of this practice we were able to know within a very short period of time that there was an issue.”
While there is no evidence to suggest that the unknown party accessed any of the information in the email, SLU is providing individuals with information affected by the incident with one year of free continuous credit monitoring and identity theft protection and restoration.
The University also has released a toll-free telephone number (1-877-309-9839) and launched a website (www.slu.edu/phishing) to provide more information about the incident and to answer questions from those who are being notified.
The FBI is investigating the scam that Hakanson says has targeted several other colleges and universities across the country.
Saint Louis University has also hired a third party to review the University’s security.