Greenwich Hospital, Lawrence + Memorial and Yale New Haven Hospitals recently announced Blackbaud breaches

Three hospitals in our health system announced that they were among the large number of organizations affected by a Blackbaud data breach. Blackbaud is a software company the hospital has long used for donor communications and engagement.

Unfortunately, the occurrence and sophistication of cybercrimes has increased significantly in recent years. This particular breach was part of a global security incident that affected many of Blackbaud’s 35,000 worldwide clients. Our hospitals were notified by Blackbaud in August that an unauthorized party had removed information as part of a ransomware attack on Blackbaud systems at some point between Feb. 7 and May 20, 2020. Yale New Haven Health System (YNHHS) immediately undertook an extensive internal investigation to determine what information was potentially exposed and which people were affected.

Blackbaud made a payment in response to a demand from the outside party. Blackbaud was assured that all data were destroyed and they do not believe any information had been disseminated in any manner. However, we have not yet been able to independently validate that assurance.

Certain demographic information such as names, addresses, phone numbers, dates of birth and philanthropic history were included in the Blackbaud databases subject to the incident. Additionally, there may have been a small number of individuals with information related to the name of an individual’s doctor or dates of service at the hospital and potentially a small group whose financial data may have been impacted. As this cyberattack was on Blackbaud’s system, the attackers never, at any time, had access to the Yale New Haven Health’s electronic medical record system.

Letters have been mailed to all those whose information was involved with details about what to do if their financial information was involved and for that group, free credit protection is being offered. If anyone has any concern, please call 888-479-3536.

Additional information related to the Blackbaud breach can be found here.