On July 16, 2020, Blackbaud, a U.S. based cloud computing provider and one of the world’s largest providers of education administration, fundraising, and financial management software, notified users of its services that it had suffered a ransomware attack in May 2020 in relation to personal data stored on their servers. Numerous colleges, universities, foundations, and other non-profits across the U.S., Canada and the U.K. were affected.
The information below relates to a data security incident involving Blackbaud, Inc., a service provider of the Renown Health Foundation. Our organization takes our data protection responsibilities very seriously. We have launched our own investigation and further details are below, including steps we have taken in response.
On July 16, 2020, we were contacted by Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organizations and the higher education and health care sector. Company representatives informed us that a Blackbaud service provider had been the victim of a ransomware attack that culminated in May 2020. The cybercriminal was unsuccessful in blocking access to the database involved in the attack. However, the cybercriminal was able to remove a copy of a subset of several of their client’s data. This included a subset of Renown Health Foundation data used for donor prospect research.
What information was involved?
We would like to reassure our constituents that a detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement, third-party cyber security experts and Renown Health.
Blackbaud has confirmed that the investigation found that no encrypted information, such as Social Security numbers and bank account information or passwords, was accessible. Blackbaud also confirmed that no credit or debit card information was part of the data theft.
The Renown Health Foundation data accessed by the cybercriminal in the Blackbaud database may have contained some of the following information:
Public information such as name, title, date of birth, spouse
Addresses and contact details such as phone numbers and e-mail addresses
Philanthropic interests, giving capacity and summary giving history to Renown Health
What actions were taken by Blackbaud?
We have been informed by Blackbaud that in order to protect constituent’s data and mitigate potential identity theft, it met the cybercriminal’s ransomware demand. Blackbaud has advised us that it has received assurances from the cybercriminal and third-party experts that the data was destroyed. Blackbaud has been monitoring the web in an effort to verify the data accessed by the cybercriminal has not been misused.
Steps we have taken in response
We immediately launched our own investigation and have taken the following steps:
We are notifying affected constituents to make them aware of this breach of Blackbaud’s systems at www.renown.org/about-us/renown-health-foundation/ and through our donor newsletter
so they can remain vigilant;
We are working with Blackbaud to understand why there was a delay between it finding the breach and notifying us, as well as what actions Blackbaud is taking to increase its security;
We are taking steps to learn how many other parties in the health care and higher education and the wider not-for-profit sector have been affected.
We do not believe there is a need for our constituents to take any action at this time. As a best practice, we recommend people remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities.
For questions related to the security incident, contact Barbara.Guerin, Chief Information Security Officer at Barbara.Guerin@renown.org or 775-982-4385. We will continue to work with Blackbaud to investigate this incident. We very much regret the inconvenience that this data breach may have caused. Please be assured that we take data protection very seriously and are grateful for the continued support of our patients, families, physicians, employees and friends.