Adventist HealthCare Informs Patients Affected by Blackbaud Data Breach
GAITHERSBURG, Md. – Adventist HealthCare recently learned that it is one of thousands of organizations impacted by a data breach at Blackbaud, Inc., a third-party software company used for fundraising records. Adventist HealthCare takes the safety and security of information seriously and is working to inform and educate the individuals affected.
Blackbaud recently informed Adventist HealthCare that it discovered and stopped a ransomware attack in May. Blackbaud was able to maintain access to both their system and files, although the attacker was able to remove a backup file. Adventist has validated that the cybercriminal did not access any credit card information, bank account information or social security numbers. After negotiations with the attacker, Blackbaud was assured that the backup file had been destroyed.
Adventist HealthCare has been in constant communication with Blackbaud since it notified the health system of the attack on July 16, 2020. Blackbaud has informed Adventist HealthCare that based on the nature of the incident, their research and a third-party investigation, they do not believe any data was or will be misused, disseminated or otherwise made available publicly. Since this incident, Blackbaud has taken new measures to secure its data and has conducted tests to confirm these safeguards can withstand future attacks. They have since confirmed their fix withstands all known attack tactics.
Upon learning of this incident, Adventist HealthCare initiated a thorough evaluation to understand what data was compromised and assess the impact, if any, to the organization’s donors and friends. The information that was included in the backup file included names, dates of birth, mailing addresses, email addresses and telephone numbers. For those who were Adventist HealthCare patients, it may have included type of treatment received at an Adventist HealthCare facility and, in some cases, physician and limited clinical information.
Adventist HealthCare is in the process of notifying all affected patients about this incident. The communication is a follow-up to an initial letter sent to all individuals associated with Adventist HealthCare whose names are stored in Blackbaud’s software. Adventist HealthCare also provided affected individuals with an incident phone number and email address for further inquiries.
Even though Adventist HealthCare has no reason to believe that the information has been further compromised, the organization is recommending that affected individuals regularly monitor and review their personal accounts to protect against any unwanted activity. Additional steps that can be taken to preserve the integrity of personal information include placing a free fraud alert on one’s credit report, contacting the Federal Trade Commission or reaching out to any of the following credit reporting agencies: Transunion, Equifax or Experian.
Adventist HealthCare sincerely apologizes for any concern this may have caused donors and friends. The organization has reviewed its donor identification process and initiated communications with all of Adventist HealthCare’s trusted vendors to further understand their commitments to securing patient information and capabilities to successfully address and avoid cyberattacks.
Adventist HealthCare, based in Gaithersburg, Maryland, is one of the longest-serving health systems in the Washington, D.C., region, and one of the largest employers in Maryland. It includes Shady Grove Medical Center, White Oak Medical Center, Fort Washington Medical Center, Adventist HealthCare Rehabilitation, Home Care Services, Adventist Medical Group, Imaging and Urgent Care. Its mission is to extend God’s care through the ministry of physical, mental and spiritual healing.