On 16 July the NHA was contacted by a third-party service provider, Blackbaud, one of the world’s largest providers of customer relationship management systems for nonprofit organizations, including healthcare providers, educational institutions, and cultural nonprofits. Blackbaud informed the NHA that Blackbaud had been the victim of a ransomware attack in May 2020. The cybercriminal was able to remove a copy of a subset of data from a number of its clients, including a subset of NHA data.
We use this system to record engagement with members, visitors, and supporters. We do not collect credit card information or social security numbers in this database.
What information was involved?
Blackbaud has assured us that:
- A detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts;
- Blackbaud has confirmed that the investigation found that no encrypted information, such as bank account details or passwords, was accessible.
The data accessed by the cybercriminal may have contained some of the following information:
- Basic details e.g. name, title, gender, and date of birth (if applicable);
- Addresses and contact details e.g. phone and email;
- A record of engagement with fundraising activities e.g. enquiries, event participation, volunteering, donations, and other financial interactions with the NHA.
What are we doing about the situation?
We have been informed that in order to protect customers’ data and mitigate potential identity theft, Blackbaud met the cybercriminal’s ransomware demand and received assurances from the cybercriminal that the data had been destroyed.
However, upon being alerted we have taken the following steps:
- We are notifying you so that you are aware of this breach of Blackbaud’s systems and can be vigilant;
- We have informed our IT company Nantucket Networks of the breach;
- We are working with Blackbaud to understand why there was a delay between their finding the breach and notifying us, as well as what actions they have taken to increase their security.
We recommend people be vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities.
We sincerely regret any inconvenience this breach may cause you. Should you have any further questions, please do not hesitate to contact us at firstname.lastname@example.org or 508-228-1894 x 126. For more information from Blackbaud, please visit here.
With regard to the NHA’s internal IT structure, our systems are protected with firewalls and built-in ransomware protection. Systems are monitored daily by Nantucket Networks, which also maintains local backups as well as offsite mirror backups. It should be noted that even the best firewalls are not flawless. Please be assured that we take data protection very seriously and we are grateful for our community’s continued support and engagement.