Trinity Health's Response to the Blackbaud Philanthropy Database Security Incident
LIVONIA, Mich., Sept. 14, 2020 /PRNewswire/ -- Trinity Health is a large multi-institutional Catholic health care delivery system, serving diverse communities that include more than 30 million people across 22 states. At Trinity Health, safety is a top priority – including the safety of personal information. An issue involving personal and protected health information of our patients and/or donors/potential donors has occurred at a third-party vendor.
Trinity Health has begun the process of notifying impacted patients and donors throughout most of our ministries in multiple states about a data security incident related to our philanthropy database vendor, Blackbaud.
On July 16, 2020, Blackbaud notified Trinity Health and other customers of a cyber-attack involving Blackbaud's network, including ransomware, that impacted certain donor database back-up files maintained by Blackbaud, including Trinity Health's donor database. Blackbaud reported the cyberattack occurred between April 18, 2020 - May 16, 2020. Blackbaud reported that, based on its investigation, the cybercriminals responsible for the attack could have obtained access to various types of information in the client back-up files. Additional information can be found in Blackbaud's security notice https://www.blackbaud.com/securityincident
Upon receiving this notice, Trinity Health took immediate steps to begin its own investigation to determine what, if any, sensitive Trinity Health data was potentially impacted. Please note that this attack did not occur within the information systems of Trinity Health or any affiliated Ministry.
Our investigation identified that some combination of the following information may have been accessible within standard database fields: full name, address, phone numbers, email, most-recent donation date, date of birth, age, inpatient/outpatient status, dates of service, hospital location, patient room number, physician name, donor relation to patient, patient discharge status, patient insurance and patient department of service. A limited number of individuals may also have had certain financial information accessible through notes or attachments to their records. Credit monitoring and an information call center will be offered to individuals with increased financial risk due to Blackbaud's security incident. Access to these support services will be outlined in the impacted individuals' notification letters.
Trinity Health began notifying potentially impacted patients and donors on September 14, 2020, via U.S. mail. The notifications will continue until all impacted individuals are notified. We are also notifying Federal and State regulatory agencies as required.
As always, Trinity Health recommends that individuals should remain vigilant and monitor their personal information to ensure it is not being used maliciously. This includes watching for fraudulent emails or text messages that appear to come from Trinity Health or our health systems as these might include links to dangerous websites or have attachments that may infect their computers.
Trinity Health continues to work with Blackbaud as they take measures to further secure the information in their care. Trinity Health deeply regrets that this incident occurred and apologizes for any concern or inconvenience experienced. Trinity Health thanks its patients and donors for their support of our Mission.
Potentially impacted individuals can find additional facts and local contact information by visiting https://www.trinity-health.org/blackbaud-incident
SOURCE Trinity Health