The Sisters of Charity Health Systems (SCHS) is the newest victim to announce a possible data breach due to links with Blackbaud cloud computing vendors.
According to the healthcare organization, Blackbaud intruders gained access to a database containing copies of SCHS fundraising programs. Patient names, addresses, gender, contact information, and treating physicians are possibly exposed.
SCHS said Blackbaud has informed them on July 16 of unauthorized database access from Feb. 7 to May 2020. The cloud computing vendor said the hackers may have obtained backup copies of SCHS’ hospital databases, containing private information.
The notice said the attack on its database affected other healthcare institutions including Mercy Medical Center, Providence Hospitals, St. Vincent Charity Medical Center, Building Healthy Communities, Early Childhood Resource Center, Healthy Learners, and others.
In addition to the personal information, backup files from its exposed database include donation history across SCHS entities, volunteer service, and employment.
Although the situation had patients think of the possibilities of being exposed to fraud incidents, SCHS assured customers that the data breach incident has only impacted constituent and donor databases.
The medical systems containing all medical records were not affected by the breach. Attackers didn’t get any information on financial accounts, credit card numbers, and even security numbers.
SCHS said these records are encrypted and not handled by Blackbaud. This means all crucial financial and medical information aren’t accessible to anyone outside the organization and its entities.
Working with Authorities
While Blackbaud assures everything’s under control and they’re working with authorities and third-party cybersecurity companies, SCHS tells patients to be vigilant. Any suspicious movements and communications via email, text, or phone call must be reported immediately.
In addition, the healthcare organization said impacted patients can dial a dedicated customer service hotline to get answers from representatives. Any concerns or issues can be redirected to the customer service for an in-depth discussion on the matter.
It can be recalled that Blackbaud has paid a ransom to hackers to ensure all data stolen from its network will be deleted. Many criticize this move, citing encouragement for others to attack companies and entities to get cash rewards.
Meanwhile, Blackbaud officials said they have confirmation that stolen data was ‘destroyed’ after the ransom was paid. They also clarified that they’ve only paid the ransom of an undisclosed amount after confirming that the data stolen were striped.
Blackbaud said they monitored the black market and dark web with the help of outside experts and found no evidence that any data was released.