[BreachExchange] Sisters of Charity Health System Informs Patients of Data Breach

Destry Winant destry at riskbasedsecurity.com
Thu Oct 8 10:25:18 EDT 2020 

https://securityboulevard.com/2020/10/sisters-of-charity-health-system-informs-patients-of-data-breach/

As the year unfolds, more victims of the Blackbaud data breach come
forward. The Sisters of Charity Health System (SCHS) recently
disclosed that intruders may have accessed backup copies used by SCHS
for fundraising during the cyberattack on their third-party cloud
service provider.

“On July 16, 2020, Blackbaud informed us it had discovered that an
unauthorized individual had gained access to Blackbaud’s systems
between February 7 and May 20, 2020, and may have acquired backup
copies of databases used by its customers, including backups of the
databases that SCHS entities use for fundraising efforts,” SCHS said.

According to a notice, the attack on Blackbaud may have affected SCHS
entities including Mercy Medical Center, Providence Hospitals, St.
Vincent Charity Medical Center, Building Healthy Communities, Early
Childhood Resource Center, Healthy Learners, Joseph’s Home, Light of
Hearts Villa, Regina Health Center, and South Carolina Center for
Fathers and Families.

SCHS also notes that the database involved in the incident may have
included patients’ names, gender, date of birth, contact information
and treating physicians.

“The database may have also contained information about relationships
with SCHS entities such as donation history, volunteer service and
employment, if any,” SCHS added.

Sisters of Charity Health System has assured patients that the data
security incident only impacted constituent and donor databases, and
no access to medical systems or protected health records was detected.
All sensitive information, such as Social Security numbers, credit
card numbers, and financial account information, was encrypted and not
accessible to the attackers.

While Blackbaud may have paid the attackers’ ransom demands to delete
any stolen data permanently, affected individuals should remain
vigilant against any suspicious communication via email, text, or
phone calls.

In response to the data breach, SCHS has emailed all impacted patients
and has set up a dedicated customer service number to assist with any
questions or concerns.

More information about the BreachExchange mailing list