Charleston, South Carolina – Roper St. Francis Healthcare is addressing a recent security incident which occurred through one of its vendors, Blackbaud.
Last week, the healthcare provider said it was mailing letters to 6,000 patients who may have been involved in a privacy incident back in June. That number increased to 92,963 on Tuesday.
Roper St. Francis Healthcare said it is just one of many healthcare providers and non-profit organizations that have been affected by a security breach at Blackbaud.
The cybercrime attack at Blackbaud reportedly happened back in May of this year.
Blackbaud assured customers and stakeholders that “the cyber-criminal did not access credit card information, bank account information, or social security numbers.” However, Blackbaud still paid a hacker to destroy any copies of the data that had been made, as “protecting [the] customers’ data is Blackbaud’s top priority.”
The company informed Roper St. Francis Healthcare on July 31st that an unauthorized party had gained access to Blackbaud’s systems between Feb. 7 and May 20.
“Blackbaud further advised that the unauthorized party may have acquired a backup copy of the database that manages fundraising information. RSFH immediately took steps to understand the extent of the incident and the data involved,” RSFH said in a news release Tuesday.
Blackbaud hosts RSFH’s fundraising database.
They said the incident did not affect all RSFH patient information; instead, it was limited to Roper St. Francis Foundations’ fundraising database and did not involve any access to medical systems or electronic health records.
“The fundraising database that was accessed or acquired by the unauthorized party may have included patients’ names, ages, genders, dates of birth, addresses, dates of treatment, departments of service and treating physicians,” said RSFH.
Blackbaud advised that Social Security numbers, financial account and credit card information were encrypted and not able to be accessed by the unauthorized party.
They began mailing the additional letters to potential victims of the cyber-attack on Tuesday.
RFSH has established a dedicated call center to answer any questions about this incident, at 1-866-938-0447, Monday through Friday, between 9 a.m. and 6:30 p.m.
Affected patients are encouraged to review statements they receive from their healthcare providers. If patients see services they did not receive, they should contact their provider immediately.
The South Carolina Aquarium was also a victim of the recent cyber-attack.