Catholic Health and its Foundations Notified of Nationwide Data Breach
In mid-July, Catholic Health and its Foundations were notified by a third-party software vendor, Blackbaud Inc., of a cyber security breach that impacted the health system and other non-profit organizations locally and throughout the country. The breach, which was part of a potential donor data base, included the names, medical record numbers, and dates of service for patients who received care in Catholic Health from 2016 through May of this year.
After a thorough investigation, Catholic Health determined that no medical information, social security numbers, addresses, bank account numbers or credit card information were included in the data breach. Blackbaud choose to pay the cybercriminal’s ransom and received confirmation that the data was destroyed. Out of an abundance of caution, we are sharing this information with our patients and community to increase awareness of this incident for the Western New York region.
“Patient privacy is of the utmost importance and we go to great lengths to safeguard patient information,” said Kimberly Whistler, Catholic Health Corporate Compliance & Privacy Officer. “All patients whose names and information were part of this incident will be receiving a letter from Catholic Health in the next few weeks. While we do not believe there is a need for anyone to take action, we recommend all patients remain vigilant and report any suspicious activity or suspected identify theft to the proper authorities.”
Blackbaud provides cloud software services, expertise and data intelligence to more than 25,000 nonprofits, higher education institutions, K–12 schools, healthcare organizations, faith communities, arts and cultural organizations, foundations, and others to drive social good.