Arcadia Hospital Reports Data Breach Involving Patient Info


The Methodist Hospital of Southern California, Arcadia Hospital, is the recent victim of the data breach caused by the Blackbaud ransomware attack, exposing foundation fundraising databases.

The Arcadia hospital claims its donor rolls and patient information were accessed by threat actors but no evidence showing these pieces of information was released publicly. As it uses Blackbaud’s hosting service, it’s one of the hundreds affected by the widespread data breach.


Although Blackbaud has managed to cut off the access and stop hackers from locking it out of its own system, the assailants got away with a copy of the databases. The ransomware attack happened between February and May this year, compromising the company’s network.

Arcadia Hospital Reports Data Breach

Still, patients’ information was compromised by the ransomware attack, exposing full names, telephone numbers, email and mailing addresses, dates of birth, genders, medical record numbers, and hospital admission date.


“Blackbaud has assured [Methodist Hospital of Southern California] that it has no reason to believe that any data went beyond this cybercriminal or was disseminated or otherwise available publicly,” stated the hospital.

Since Blackbaud paid a ransom too and worked with third-party cybersecurity experts, it has received confirmation that the hacker’s copy of the files was destroyed. The company also hired people to monitor the dark web for possible selling of information, and ensure that nothing will be compromised or made publicly.

Methodist Hospital of Southern California didn’t file a lawsuit against Blackbaud, unlike other customers. In the past months, similar attacks were made to other organizations including California school districts, hospitals, and the University of California network.

Shift to Remote Work

With the global pandemic going on, hackers easily access unsecured networks and ask for a ransom. The relaxed security systems in place can be vulnerable to attacks, especially unsecured networks of government agencies and other organizations.

Hackers can attempt to lock out company systems, leaving organizations no choice but to pay up in order to retrieve their databases and files. If firms refuse to pay, the so-called threat actors will release the data publicly, hurting the reputation of the companies.

When the data gets into the dark web and further into the wrong hands, customers, and patients, in this case, can be victims of fraud. Unauthorized access to their bank accounts can take place, leaving the companies in a bad position.

With all these and even lawsuits and penalties, firms and organizations can eventually lose millions of money.

No updates about the ransomware attack were provided by the Methodist Hospital of Southern California.