Blackbaud, Inc. Data Breach

What Happened

We were recently notified by Blackbaud, Inc. (a third-party service provider) of a security incident. At this time, we understand they discovered and stopped a ransomware attack. After discovering the attack, Blackbaud’s Cyber Security team—together with independent forensics experts and law enforcement—successfully prevented the cybercriminal from blocking their system access and fully encrypting files; and ultimately expelled them from their system. Prior to locking the cybercriminal out, the cybercriminal removed a copy of our backup file containing your personal information. This occurred at some point during a period beginning on February 7, 2020 and, the cybercriminal could have been accessing Blackbaud’s system intermittently until May 20, 2020.

What Information Was Involved

It is important to note that we do not store credit card information, bank account information, or social security numbers with Blackbaud and therefore none of that sensitive information was a part of this incident. Instead, the file that was affected may have contained your contact information, demographic information, and a history of your relationship with our organization, such as donation dates/amounts, area of interest (ophthalmology or otolaryngology).

Blackbaud, Inc. reports that they paid the cybercriminal’s demand and received confirmation that the copy they removed had been destroyed. Based on the nature of the incident, Blackbaud Inc.’s research, and third party (including law enforcement) investigation, Blackbaud has assured us that Blackbaud’s team (including outside experts) have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.  Moreover, Blackbaud continues to monitor the Internet for signs that the affected data is being offered or made available.

What Is Being Done

Even though we do not store credit card information, bank account information, or social security numbers with the affected service provider, we are notifying you in case you would like to take any actions to protect yourself. Ensuring the safety of our constituents’ data is of the utmost importance to us. As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud, Inc. assures us that they implemented several changes that will protect your data from similar incidents in the future. First, the provider’s teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. Blackbaud has confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands known attack tactics. Additionally, they are accelerating their efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms. We continue to evaluate our ongoing relationship with Blackbaud.

What You Can Do

As a best practice, we recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to the proper law enforcement authorities. We will continue to monitor the situation and update you of any changes.  To learn more about the security incident with Blackbaud, please visit Blackbaud's Report on the Security Incident.