Anyone doubting the urgent need for hospitals to develop effective cybersecurity protocols would do well to note the multiple news reports last week of a data breach at the University of Washington (UW) Medical Center. As described by the university in a November 27 press release, the breach occurred in October, when an employee opened an email attachment containing malware.

Although UW staff discovered the exploit within a day, the malware had already accessed 90,000 patient records on the employee’s computer. According to the university, the data may have included name, medical record number, other demographics (which may include address, phone number), dates of service, charge amounts for services received at UW Medicine, Social Security Number or HIC (Medicare) number, and date of birth. In response to the breach, UW Medicine says it has implemented a review, training, and outreach effort.