There is a growing number of healthcare providers that are confirmed to have experienced a data breach as a result of the Blackbaud ransomware attack. Four more healthcare providers sent breach notification reports in the last few days.
Northwestern Memorial HealthCare reported yesterday that the personal data of 55,983 people were impacted and compromised. Currently, the breach portal of the Department of Health and Human Services’ Office for Civil Rights indicates that the incident has impacted 179,189 MultiCare Health System donors and prospective donors, 52,500 Spectrum Health Lakeland Foundation donors, and 22,718 Richard J. Caron Foundation donors.
Some foundations that confirmed having been affected by the Blackbaud data breach earlier this month include:
- Northern Light Health Foundation where 657,392 donors’ information was compromised
- Catholic Health and its foundations
- Children’s Hospital of Pittsburgh Foundation
- University of Detroit Mercy
It is still unknown how many healthcare institutions were affected by the breach. It is also not known how many people in total were affected by the breach, however, the total is quickly nearing 1 million.
Blackbaud is among the biggest companies providing health care providers, educational institutions, and other non-profits with fundraising database and support services around the world. The company keeps data for over 25,000 non-profit groups.
The ransomware attack happened on or some time May 14, 2020; but the attackers initially obtained access to Blackbaud’s systems a few months earlier in February 2020. Blackbaud performed security measures to restrict the impact of file encryption and secured the attack on May 20, 2020. Before the ransomware deployment, the attackers had exfiltrated a part of data stored in Blackbaud’s self-hosted environment, which include the platform employed by a lot of healthcare companies for engagement and raising funds.
Healthcare organizations around the world, including 30 of the 32 biggest non-profit hospitals, use Blackbaud’s cloud services. The company stated that the breach did not have an effect on its public cloud environment nor on the greater part of its self-hosted environment.
Mostly, the breach affected only the names of donors, people who joined fundraising events before, and community members having associations with the affected healthcare companies.
Aside from the names, the compromised information included demographic data like addresses, birth dates, phone numbers, and email addresses. In a number of cases, the donation dates, amounts of donation and other donor profile data were also compromised. For most of the affected healthcare providers, the breach did not result in the compromise of highly sensitive data like bank account data, credit card details, and Social Security numbers.
Blackbaud released a statement regarding the payment of the ransom demand so as to get the data decryption keys and to avert the malicious use of any stolen data.
According to Blackbaud’s investigation of the incident, with the help of a third party agency and law enforcement, there is no reason for concern that data will be misused and disseminated by cybercriminals or disclosed to the public. Blackbaud apologized for the incident and will continue to give the needed help and support to customers to get around this cybercrime event.