Catholic Health and its foundations notified of nationwide data breach

In mid-July, Catholic Health and its foundations were notified by a third-party software vendor, Blackbaud Inc., of a cyber security breach that impacted the health system and other nonprofit organizations locally and throughout the country. The breach, which was part of a potential donor data base, included the names, medical record numbers, and dates of service for patients who received care in Catholic Health from 2016 through May of this year.

After a thorough investigation, Catholic Health determined that no medical information, social security numbers, addresses, bank account numbers or credit card information were included in the data breach. Blackbaud choose to pay the cybercriminal’s ransom and received confirmation the data was destroyed.

“Out of an abundance of caution,” Catholic Health is sharing this information with patients and the community to increase awareness of this incident for the Western New York region.

“Patient privacy is of the utmost importance and we go to great lengths to safeguard patient information,” said Kimberly Whistler, Catholic Health corporate compliance and privacy officer. “All patients whose names and information were part of this incident will be receiving a letter from Catholic Health in the next few weeks. While we do not believe there is a need for anyone to take action, we recommend all patients remain vigilant and report any suspicious activity or suspected identify theft to the proper authorities.”

Blackbaud provides cloud software services, expertise and data intelligence to more than 25,000 nonprofits, higher education institutions, K-12 schools, health care organizations, faith communities, arts and cultural organizations, foundations, and others “to drive social good.”