Blackbaud Ransomware Hack Affects 657K Maine Health System Donors

A Blackbaud ransomware attack breached the data of 657,392 donors to Northern Light Health Foundation and other entities; malware, a phishing incident, and another ransomware attack complete this week’s breach roundup.



August 18, 2020 - A ransomware attack on healthcare business associate Blackbaud compromised the data of 657,392 donors, potential donors, and patients who support the Northern Light Health Foundation, among others, as well as thousands of other nonprofits, healthcare systems, and hospitals.


Blackbaud is a cloud computing vendor for a host of nonprofits, foundations, corporations, education institutions, healthcare entities, and change agents.


On May 14, the vendor was hit with a ransomware attack. The cybersecurity team was able to stop the attack on May 20 with assistance from law enforcement and an outside forensics team. Blackbaud was able to successfully prevent the hacker from fully encrypting files and blocked access to the system.


However, the attackers were able to remove a copy of a subset of data from Blackbaud’s self-hosted environment before the team was able to lock the hackers out of the system. The vendor did pay the ransom demand “with confirmation that the copy they removed had been destroyed.”


“Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly,” Blackbaud officials said in a statement.

The incident affected Blackbaud’s self-hosted environment, not its public cloud solutions. Further, the hacker did not access credit card information, bank account information, or Social Security numbers.


Blackbaud recently began notifying some of its customers, which included Northern Light and the Children’s Hospital of Pittsburgh Foundation.


For Northern Light, the impacted databases included data from donors, potential donors, patients who support the foundation’s healthcare mission, fundraising event attendees, and community members with relationships with the foundation.


Northern Light Health maintains its EHR separate from the foundation. The entity is working with Blackbaud to identify the impacted parties and the types of information accessed by the threat actor.


Notably, the Children’s Hospital of Pittsburgh Foundation notification detailed the event as occurring between February 7 and May 20, 2020. The compromised data included constituents’ demographic details, including names, addresses, or birthdates.


BEHAVIORA