Blackbaud Security Incident
The EvergreenHealth Foundation and EvergreenHealth Monroe Foundation were notified that one of our database vendors, Blackbaud, was the victim of a cybersecurity breach. Based on information released by Blackbaud, we want to make you aware of the following information about the attack, and how donor and prospective donor information of the EvergreenHealth Foundation and EvergreenHealth Monroe Foundation may have been affected:
- From what we know, the attackers downloaded certain data from Blackbaud. It is our understanding, based on information provided by Blackbaud, that the affected data of Foundation donors may include name; address on file; date of birth; email address; phone number; gender; information about your relationship with EvergreenHealth; and a history of gifts and pledges to the Foundation. For prospective donors, the exposed information may include your name; date of birth; address on file; physician; medical service line; date of service; and in some cases, the name of your medical insurance carrier.
- The data the attackers accessed did not include any Social Security numbers, credit card, or banking information.
- Blackbaud has informed us that to protect the identifiable information that was downloaded, it paid a ransom and obtained assurances that the downloaded information was destroyed, therefore mitigating the risk of misuse.
- Blackbaud will also continue to monitor the web to verify that none of the data is misused.
What is the EvergreenHealth Foundation Doing?
- We have launched our own investigation and are notifying affected donors and prospective donors so they are aware of the situation and can remain vigilant.
- We are working with Blackbaud to understand what additional steps it is taking to increase its security. Blackbaud has stated that it has already implemented changes to prevent this specific issue from happening again.
- While the Foundations’ computers did not contribute to this breach, the EvergreenHealth Foundation and EvergreenHealth Monroe Foundation are maintaining continuous attention to computer security.
What Can You Do?
While Blackbaud has assured us that no Social Security numbers, passwords, banking or credit card information was disclosed, you can still help ensure that any risk from this breach is mitigated.
- Always review your bank account and credit card statements carefully when you receive them.
- If you receive any unsolicited requests for donations from us or other nonprofits, please call the nonprofit at the number on the nonprofit’s webpage to confirm the request is legitimate.
- You can obtain a free copy of your credit report from each of the three credit reporting agencies by calling 877.322.8228 or visiting annualcreditreport.com. Until April 2021, you may receive a free credit report every week online.
- If you detect any suspicious activity, report it to the financial institution that holds the account, law enforcement, or the Federal Trade Commission (FTC) at ftc.gov/idtheft.
We are committed to protecting your information, and we sincerely apologize for any inconvenience this vendor data breach may cause. If you have any questions or concerns, we welcome your call and are available at 425.899.1188.
Q1: What happened?
A: Earlier this year, Blackbaud, a popular software system used by the EvergreenHealth Foundation and EvergreenHealth Monroe Foundation, was subject to a cybersecurity attack. Blackbaud notified its client organizations in July 2020 that the attack likely occurred between February and May 2020, during which the cybercriminals were able to obtain data from a number of Blackbaud clients, including the Foundations, and thousands of other organizations around the world.
Q2: Whose information was exposed?
A: The Foundations use Blackbaud software to manage information about donors and prospective donors. In total, about 133,000 records containing basic contact information about donors and prospective donors were exposed.
Q3: How do I know if I was on one of the lists that the attackers obtained?
A: The EvergreenHealth Foundation and EvergreenHealth Monroe Foundation are notifying every individual included in the compromised databases. Those affected will receive a detailed letter in the mail with information about the data that was exposed, and next steps for ensuring your safety.
Q4: What information did the attackers obtain?
A: For donors, basic contact information, including: name; address; date of birth; email address; phone number; gender; information about the donor’s relationship to EvergreenHealth or EvergreenHealth Monroe; and a history of gifts and pledges to the Foundation.
For prospective donors, the following information: name; date of birth; address; physician; medical service line; date of service; and in some cases, your medical insurance carrier.
No personal financial information, including banking information, credit card number(s) or Social Security numbers, was exposed.
Q5: Why do the Foundations keep a database of patient information?
A: As institutionally related foundations, the Foundations support EvergreenHealth and EvergreenHealth Monroe and help to lead important health initiatives for the communities and patients the hospitals serve. Even if you have not previously made a donation to the EvergreenHealth Foundation, your information has been housed in Blackbaud as a “prospective donor.”
- The EvergreenHealth Notice of Privacy Practices, which patients are offered at registration, explains how EvergreenHealth shares your contact information with the EvergreenHealth Foundation. The Foundation uses your information to share fundraising initiatives with you and to invite you to donate to the causes it supports. Should you wish to opt out of receiving fundraising material, please contact our privacy office at firstname.lastname@example.org or 425.899.1939.
Q6: I don’t want the Foundation to keep my information on file. Can I be deleted from their systems?
A: Yes. Please contact email@example.com with your request.
Q7: What is being done to resolve this security breach?
A: Currently, experts and law enforcement continue to investigate how the attack took place. The security breach happened on Blackbaud’s servers. In other words, the Foundations did not contribute to this breach in any way.
Blackbaud’s cybersecurity team—working alongside independent forensics experts and law enforcement—has advised us that in order to protect customer data and mitigate potential identity theft, it paid a ransom, and received assurances from the cybercriminal that the data had been destroyed. The Foundations are working with Blackbaud to understand what additional steps it is taking to increase its security. Blackbaud has stated that it has already implemented changes to prevent this specific issue from happening again.
Q8: I’ve made donations online to the EvergreenHealth Foundation or EvergreenHealth Monroe Foundation or have used electronic transfer from my financial institution. Was my financial information or credit card number exposed?
A: No. No personal financial information, including banking information, credit card number(s) or Social Security numbers, was exposed. The Foundations do not store financial information as part of the compromised database, and we’re taking steps to ensure your financial information is safe.
Q9: What actions do I need to take now?
A: There are no immediate actions you need to take now. We encourage you to continue exercising vigilance when it comes to watching for suspicious behavior or fraudulent activity that may result from cybersecurity attacks or otherwise. We suggest you take extra caution in monitoring and protecting your identity and personal information, and as always, never give financial or identity information out to callers or email requesters you do not personally know.
In particular, we encourage you to watch for correspondence that may attempt to impersonate the EvergreenHealth Foundation or EvergreenHealth Monroe Foundation. Always verify the caller or sender of an email before sharing any personal or financial information. If you’re ever in doubt, call the Foundations directly at 425.899.1900 or 360.805.6304 to confirm the outreach.
Q10: What assurances do I have that my compromised information won’t be used for fraudulent purposes?
A: Blackbaud is confident that the data was destroyed, and it has also engaged third-party investigators to monitor the dark web for any activity that would indicate the compromised information is being used or sold for fraudulent purposes.
Q11: What are the Foundations doing to protect my security?
A: EvergreenHealth compliance and IT teams are working with other experts across the health system to perform our own internal investigation to ensure we’re doing all we can to protect your security. You can also obtain a free copy of your credit report from each of the three credit reporting agencies by calling 877.322.8228 or visiting www.annualcreditreport.com. Until April 2021, you may receive a free credit report every week online.
Q12: What should I do if my information is used for fraudulent purposes?
A: If you detect any suspicious activity, report it to the financial institution that holds the account, law enforcement, or the Federal Trade Commission (FTC) at www.ftc.gov/idtheft. Washington’s Attorney General’s office also provides a detailed resource for following the appropriate steps to recover from fraud or identity theft. Visit www.atg.wa.gov/recovering-identity-theft-or-fraud.