Blackbaud's Breach: 5.6 Million Patients And

2020

Blackbaud’s Breach: 5.6 Million Patients and Still Counting….

Dissent Doe DataBreaches.net

Interim Report #2: 9/24/2020 • Blackbaud, a software firm that provides cloud-based donor management solutions for fund-raising purposes, experienced a ransomware attack that they discovered on May 7, 2020. On July 16, they notified clients of the attack and issued a statement. Many clients are now having to notify patients whose protected health information (PHI) had been provided to Blackbaud as part of fundraising efforts. • DataBreaches.net uses multiple sources and searches to find Blackbaud-related reports: Google searches, DuckDuckGo, searches of state attorney general websites that post notifications, and HHS’s public breach portal. Note that not all entities in DataBreaches.net’s report are HIPAA-covered entities. • On September 13, DataBreaches.net issued its first interim report. As of September 24, and based on currently available notifications, DataBreaches.net has now tallied 79 Blackbaud-related incident reports involving patient information. We have numbers for 47 of the 79 reports and know that many more reports have yet to be released.

Findings:

• Augusta University (Georgia Health Sciences Foundation) had the fewest number of patients with PHI: 6. • Inova Health reported the largest number: 1,045,270. • For the 47 entities who provided numbers, we have a total of 5,565,831 patients whose demographic information and status as patients was revealed, sometimes with additional details about their patient experiences. • The 47 incidents had a mean of 118,421.94 patients and a median of 60,595 patients.

Are you unnecessarily giving fundraising arms or business associates protected health information? Some simple alterations in the data you provide may change it from PHI to non-PHI.

You can see the updated interim list of compiled reports on the following pages. Any corrections to the list can be sent to breaches[at]databreaches.net.

If any firm or organization would like to throw some sponsorship at this site to support this site’s efforts to shine the light on protecting patient data privacy and security, please contact me at breaches[at]databreaches.net.

ENTITY PATIENTS AFFECTED

Adventist Healthcare 13041 Allina Health 199389 Atrium Health 165000 Augusta University (Georgia Health Sciences Foundation) 6 Berkshire Farm Center & Services for Youth, Inc. 4950 Bluegrass Care Navigators 0 Catholic Health 0 Catholic Health System (SC) 61267 Catholic Medical Center 18623 Children’s Minnesota 160268 Christ Hospital Health Network 0 Christiana Care 1229 Community Health Network 81118 Community Medical Centers 43667 Connecticut Children’s Medical Center Foundation 2633

September 24, 2020 ©2020 DataBreaches.net - 2 - Devereux Advanced Behavioral Health 1758 Emanate Health Foundation 0 Enloe Medical Center 33575 Gillette Children’s Hospital Foundation 1766 Guthrie Clinic 92064 Hebrew Senior Life 27244 Holy Cross Health (Trinity Health) 0 Hydrocephalus Association 0 Inova Health 1045270 Jewish Home Lifecare d/b/a The New Jewish Home (The Fund for the Aged) 0 Joslin Diabetes Center 71160 Lehigh Valley Health Network 81487 Life Enriching Communities (LEC Foundation) 2345 LifeFlight Foundation 0 Loyola Medicine (Trinity Health) 0 Main Line Health 60595 Margaret Mary Health Foundation 0 Medical University of South Carolina (MUSC) 0 Memorial Sloan Kettering 0 Mercy Hospital & Medical Center (Trinity Health) 0

September 24, 2020 ©2020 DataBreaches.net - 3 - MercyOne Clinton Medical Center 0 Montefiore Medical Center 0 Mount Carmel Health System (Trinity Health) 0 Mount Sinai Health System 87535 Mount Sinai South Nassau Hospital 0 Mount St. Rita Health Centre 0 MultiCare Health System 179189 Northern Light Health Foundation 657392 NorthShore University HealthSystem 348746 Northwestern Memorial HealthCare 55983 Nuvance Health 0 Our Lady of the Lake and Franciscan U. 31166 Pennacook Place (Covenant Health) 0 Piedmont Healthcare 0 Polycystic Kidney Disease Foundation 0 Prelude Behavioral Sciences 0 Regions Hospital 52795 Richard J. Caron Foundation 22718 Riverside Foundation 54151 Roper St. Francis 92963

September 24, 2020 ©2020 DataBreaches.net - 4 - Roswell Comprehensive Cancer Center and Roswell Park Alliance Foundation 141669 Saint Luke's Foundation 360212 SCL Health - St. Mary's SCL Health has facilities in Colorado, Montana, and 0 Kansas Sheltering Arms Physical Rehabilitation Centers 683 Skyland Trail 0 Specialized Alternatives for Families & Youth of America, Inc. (unconfirmed) 58123 Spectrum Health 52500 St. Mary Health Care Center (Covenant – MA- 0 St. Mary's Health System (Covenant Health - Maine) 0 Stony Brook Medicine 175000 Texas Children’s Hospital 1987 Trinity Health (has 92 hospitals nationwide, reporting separately?) 0 Tuberous Sclerosis Alliance (TS Alliance) 0 UMass Memorial Medical Center 87420 UnityPoint Health ( St. Luke's Foundation, Trinity Health Foundation, and Des 27410 Moines Foundation) University of Florida Health 135959 University Health Systems of Eastern Carolina, Inc. dba Vidant Health 77942 University of Kentucky HealthCare 163774

September 24, 2020 ©2020 DataBreaches.net - 5 - University of South Alabama Health (USA Health) 52344 UT Health San Antonio 0 UT Medical Center Knoxville (UTMCK) 234954 Via Christi Foundation 0 Virginia Mason 244761 Waterbury Hospital 0