Northern Light Health Foundation is the latest victim of the ransomware attack on Blackbaud Inc. Blackbaud was targeted by hackers, as they are one of the largest administration fundraising and financial management software providers in the world. It is unclear how many of Blackbaud’s clients were targeted by the healthcare ransomware attack, however, no patient information was compromised in the attack.
Healthcare Ransomware Attack: What Happened
In May 2020, Blackbaud discovered that one of their databases had been hacked. Blackbaud disclosed that they are targeted by millions of attacks each month. Generally their cybersecurity team is able to stave off attacks before any data is compromised, but this time was different.
The hackers were able to infiltrate one of Blackbaud’s databases, that included data such as information about donors, potential donors, and past fundraising event attendees. The hackers started to maliciously encrypt Blackbaud’s records, but Blackbaud was able to stop hackers from encrypting all of their files.
It is unclear how many of Blackbaud’s 25,000+ clients were affected by the healthcare ransomware attack, however, one of their clients, Northern Light Health Foundation revealed that they were among the victims. Northern Light Health Foundation stated in their breach report to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) that 657,392 individuals were affected by the breach (these are only those that were reported by Northern Light Health Foundation — not including thousands of other Blackbaud victims).
Other victims of the breach include organizations in the US, UK, and Canada. Several of these organizations are healthcare organizations including New York City-based Cancer Research Institute and the Santa Monica, CA-based Prostate Cancer Foundation. Luckily, Blackbaud’s records containing patient’s protected health information (PHI) were stored in a separate database.
“Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly,” explained Blackbaud in its substitute breach notice.