Two major health systems in the Midwest were affected by the global data security incident at Blackbaud, a company that hosts fundraising data for large organizations.
Chicago-based Northwestern Memorial HealthCare and Grand Rapids, Mich.-based Spectrum Health both used Blackbaud's fundraising database management services when the company experienced a ransomware attack earlier this year. Blackbaud notified organizations on July 16 that an unauthorized individual gained access to its systems between Feb. 7 and May 20, 2020.
The unauthorized individual may have acquired a backup of the database including donor and patient information such as age, gender, birth dates, medical record number, dates of service and the treating physicians. The company doesn't believe that any of the data has been misused.
The incident affected 55,983 individuals at Northwestern and 52,500 individuals within Spectrum's system. Northwestern said the system encrypted Social Security numbers, financial accounts and payment card information for all but five individuals. Spectrum reported the incident did not affect the financial information for any of the individuals associated with its foundation.
However, Spectrum conducted its own investigation and found some protected health information about patients was accessible to the unauthorized individual and plans to contact those patients by mail to notify them of the incident.
Blackbaud paid the cybercriminals to destroy the stolen data file.