I erred on the side of brevity.
I did not "chat" with her. I was able, through the medical records, to locate the doctor's office for whom she was transcribing. (On reflection, I could have tried to access her personal information to identify and contact her.) I gave them all the information I had as to how I had come to making the phone call. They knew immediately which transcriptionist it was, as I had her initials. I gave them my complete contact information, including phone number. They contacted her and passed along the number (Questionable conduct on my part, perhaps, but I am a former medical transcriptionist and knew that I was talking to a reputable medical facility). She called me this morning. She clearly had no idea how her computer got compromised. (No, P2P, file sharing, downloading music, swapping files, all of that are completely foreign to her.) She did not know what LimeWire was, had no idea what file sharing was, and shares her computer with no one.