Our donor records are managed by Blackbaud, Inc., a global leader in nonprofit engagement and fundraising technology with more than 25,000 institutional customers around the world. On July 16th, Blackbaud notified us that they were the victim of a ransomware cyberattack in May 2020. This was conducted by cybercriminals who breached Blackbaud’s systems. Blackbaud agreed to pay the ransom demand to confirm that the stolen data was destroyed.
We want to share this information with our supporters at all of the Covenant Health member organizations and with others who have other relationships with our facilities. Blackbaud has told us that much of the information acquired by the cybercriminals was encrypted and could not be accessed or shared. This includes encrypted financial data such as credit card or bank information as well as social security numbers. For more information, including Blackbaud’s response to the incident, visit https:\\www.blackbaud.com/securityincident.
We have been informed that, for a brief time, the cybercriminals may have gained access to limited personal information such as name, address, telephone numbers and individual’s relationship with our facilities. Some records in our data base included patient contact information. However, no information about the nature of care was accessed, because clinical information is not shared with the Foundation office pursuant to The Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Based on the extensive investigation that has ensued since May, Blackbaud has assured us that they do not believe that any of the records have been disseminated. Blackbaud has affirmed that it has already implemented changes to protect its system from any subsequent incidents, including hiring an independent team of experts to accelerate their monitoring of any such activity.
We, at Covenant Health, are remaining in regular contact with Blackbaud regarding the details of this incident and are continuing to monitor their responses. Please be assured that we take incidents like this very seriously.
We sincerely regret this Blackbaud incident. We value your trust in us and are doing all we can to mitigate the impact to our supporters. If you have any questions, please call 833-969-2288.
Sincerely,
J. Bradford Coffey, Esq.
President, Covenant Health Foundation
Betsey Shew, JD, CPHQ
Director of Risk Management and Compliance
