Notice of Blackbaud Data Breach
Blackbaud, Inc. recently notified The AnMed Health Foundation of a data security incident that may have affected some of our donors’ or prospective donors’ personal data. Blackbaud is the global market leader in third-party, not-for-profit donor applications used by many charities, health, and educational organizations in the U.S. and abroad.
On July 16, 2020, we were notified that Blackbaud (one of The AnMed Health Foundation’s third-party service providers) had discovered and stopped a ransomware attack of Blackbaud’s self-hosted environment in May of 2020.
What information was involved?
Blackbaud has specifically informed us that the cybercriminal did not access credit card information or bank account information. However, according to Blackbaud, the cybercriminal removed a copy of a subset of Blackbaud’s customer data as early as February 7, 2020. The information removed may have contained individuals’ contact information, demographic information, birthdate and relationship and donation profile/history with The AnMed Health Foundation. Blackbaud paid the cybercriminal’s ransom demand with confirmation that the copy of data removed had been destroyed.
Blackbaud does not believe this incident poses any risk to our donors, because, based on the nature of the incident, Blackbaud’s research, and third-party (including law enforcement) investigation, Blackbaud has no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly. Blackbaud has hired a third-party team of experts to monitor the dark web as an extra precautionary measure.
What are we doing?
Ensuring the safety of our constituent’s data is of the upmost importance to us. Blackbaud has reported that it has already implemented several security changes. Blackbaud has stated that it quickly identified the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. Blackbaud has confirmed through testing by multiple third parties that Blackbaud’s fix withstands all known attack tactics. Additionally, Blackbaud has reported it is further hardening its environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms.
The AnMed Health Foundation Board of Trustees was notified of the Blackbaud Data Breach during the September 8, 2020 board meeting.
What can you do?
We do not think there is anything you need to do at this time aside from maintaining your routine personal practices of remaining vigilant to cybercriminal scams. Promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities or the credit bureaus: Equifax (PO Box 74021, Atlanta, GA 30374; 800-685-1111), Experian (PO Box 2002, Allen, TX 75013; 888-397-3742) or TransUnion (PO Box 1000, Chester, PA 19016; 800-916-8800).
For more information about this incident, visit the www.blackbaud.com/securityincident.
We apologize for any inconvenience this may have caused you. The AnMed Health Foundation exists because friends like you support our efforts to improve the health of the community and the quality of life for our neighbors. We thank you for your continued support of The AnMed Health Foundation. Please contact The AnMed Health Foundation office with questions at 864-512-3477 or email firstname.lastname@example.org.
We’re in this together.