During the week of October 26, multiple federal agencies notified Washington University of a credible cybersecurity threat to US health care providers. This threat has impacted several hospitals across the country within the last few days, and intelligence officials suggest several hundred more may be targeted in the near future.
Washington University has a dedicated Information Security team that is continuously monitoring the environment to protect our patients, employees, and community. We have detective and preventative measures already in place to help mitigate the risk of cybersecurity threats. We take any threat seriously and have heightened our surveillance, prevention, and communication strategies in response.
What you can do
- If you are working remotely, use VPN as much as possible. It offers an enhanced level of security and protection.
- Conduct only business activities on your WashU workstation. DO NOT check your personal email accounts. Those are not managed or monitored by WashU and put the Medical School at increased risk.
- Do the following with every email you receive, even if it appears to have come from a BJC or WashU address:
- Do not click on any emailed attachments you were not expecting, even if you know the sender. Report all unexpected attachments to information security by emailing email@example.com immediately. You will be notified if the attachment is determined to be safe.
- Check the email address of every email you receive by hovering your mouse over the email address and checking to make sure it’s not a spoofed or altered address. Report the email if the addresses don’t match.
- Do not click on suspicious links in emails and report them immediately.
If you believe you have been the victim of ransomware or another cyberattack, report it to firstname.lastname@example.org or 314-935-7986. If you lose the ability to use your computer as a result of the attack, immediately call the WashU IT Service Desk at (314) 933-3333.
Go to informationsecurity.wustl.edu for updates on this developing situation. Remember, if you hear something or see something, say something.
Thank you for your help,
Washington University Office of Information Security