Another employee falls for a phishing attack. This time, it was an employee of the Washington University School of Medicine The employee received a phishing email on December 2, 2016, and fell for what looked like a real request, responded to it, which allowed access to employee email accounts, which included the health information of 80,000 patients.

Although the attack occurred on December 2, 2016, the medical school did not learn of the attack until January 24, 2017.

The information contained in the email accounts of employees included patient names, dates of birth, medical record numbers, diagnosis, treatment information and some Social Security numbers. Query why this information was contained in unsecured emails?