Joslin Diabetes Center is providing notice of a cyber incident that may affect the security of some information relating to certain individuals associated with Joslin, including donors and patients.
BOSTON, Sept. 14, 2020 /PRNewswire/ -- Joslin Diabetes Center (“Joslin”) is providing notice of a cyber incident that may affect the security of some information relating to certain individuals associated with Joslin, including donors and patients.
On July 16, 2020, Joslin received notification from Blackbaud Inc. (“Blackbaud”) of a cyber incident that it uncovered in May 2020. Blackbaud is a third-party vendor that Joslin uses for database assistance in donor relations and fundraising operations, and upon receiving this notice, Joslin immediately began an investigation to better understand what may have happened and any impact on Joslin’s data. Blackbaud reported that, in May 2020, two months before notifying Joslin, it discovered a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic investigators to determine the nature and scope of the incident. Blackbaud notified its customers, including Joslin, that a cybercriminal may have accessed or acquired certain Blackbaud customer data. Blackbaud reported that the data was potentially exported by the threat actor before Blackbaud locked the cybercriminal out of its environment on May 20, 2020. According to Blackbaud the data was destroyed and they do not believe that any data was or will be misused, disseminated or otherwise be made publicly available. Blackbaud further stated that this belief has been corroborated by outside experts and law enforcement.
Joslin has worked diligently to gather further information from Blackbaud to understand the incident. Joslin’s investigation determined that the involved Blackbaud systems may have contained names, dates of birth, treatment dates, treatment locations and physician names. Joslin has not received any information from Blackbaud that this information was specifically accessed or acquired by the cybercriminal and it is also important to note the Joslin data hosted by Blackbaud did not include any financial account information or Social Security numbers.
The privacy and security of information are of the utmost importance to Joslin. Joslin is reviewing its existing policies and procedures regarding its third-party vendors, and is working with Blackbaud to evaluate additional measures and safeguards to protect against this type of incident in the future. Joslin is notifying individuals whose information may have been impacted by this incident and is providing general information on what they can do to protect their information. For additional questions, Joslin has established a dedicated assistance line that may be reached at 888-977-0627 between the hours of 9:00 AM to 6:30 PM Eastern Time, Monday through Friday (may exclude certain U.S. holidays). Individuals may also write to Joslin at One Joslin Place, 4th Floor, Boston, MA 02215.
Joslin encourages individuals who are potentially affected by the Blackbaud incident to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious activity. Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order obtain a free credit report individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. They may also contact the three major credit bureaus directly to request a free copy of your credit report.
The major consumer reporting agencies are listed below:
Experian P.O. Box 9554 Allen, TX 75013 1-888-397-3742 | TransUnion P.O. Box 2000 Chester, PA 19016 1-888-909-8872 | Equifax P.O. Box 105788 Atlanta, GA 30348-5788 1-800-685-1111 |
Individuals potentially affected by the Blackbaud incident can also further educate themself regarding identity theft, fraud alerts, security freezes, and the steps to take to protect information by contacting the consumer reporting agencies, the Federal Trade Commission, or their state Attorney General.
The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Further information on how to file such a complaint can be found by way of the contact information listed above. Individuals also have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, in general you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General.
For Rhode Island residents, the Rhode Island Attorney General may be reached at: 150 South Main Street, Providence, Rhode Island 02903; www.riag.ri.gov; or 1-401-274-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident. There are approximately 1,453 Rhode Island residents whose information may have been present.
View original content:http://www.prnewswire.com/news-releases/joslin-diabetes-center--notice-of-data-incident-301130574.html
SOURCE Joslin Diabetes Center