Medical College of Wisconsin Notifies Patients of Blackbaud Data Security Incident
On July 16, 2020, Blackbaud informed MCW that it had discovered and stopped a ransomware event that occurred intermittently between February 7, 2020 and May 20, 2020. According to Blackbaud, they paid the threat actor to ensure that the data was permanently destroyed.
Once MCW was informed of the issue, it immediately initiated an internal investigation in partnership with outside experts to determine the impact to its stakeholders and appropriately notify them. On August 19, 2020, it was determined that the information removed by the threat actor contained personal information of some MCW patients, including full names, addresses, dates of birth, phone numbers, medical record numbers, dates of service, and/or treating physician names and specialties. Importantly, this incident does not impact patient Social Security numbers, financial account information, or payment card information. MCW’s electronic health record system was not impacted by this incident.
According to Blackbaud, there is no evidence to suggest that any data will be misused, disseminated, or otherwise made publicly available. Blackbaud indicates that it has hired a third-party team of experts, including a team of forensics accountants, to continue monitoring for any such activity. Notified individuals should always remain vigilant in reviewing their financial account and explanation of benefits statements for fraudulent or irregular activity on a regular basis and report any suspicious activity.
MCW deeply regrets any concern or inconvenience this may cause. As an organization committed to not only providing an exceptional patient experience, but to protecting the security of patient information, MCW is taking this incident extremely seriously, and remains committed to reviewing and enhancing its security practices, and that of its third-party partners and providers, on an ongoing basis in accordance with data security best practices.
For more information about this incident, Blackbaud released a public statement acknowledging this event and describing its cybersecurity practices, available at www.blackbaud.com/securityincident. Additionally, MCW has established a dedicated and confidential toll-free response line to respond to questions at 1-877-470-0222. This response line is staffed with professionals familiar with this incident and knowledgeable on what individuals can do to protect their information. The response line is available Monday through Friday, 8 a.m. to 5 p.m. Central Time.
Keep up with the latest news. Sign up for Newsroom Alerts.
Latest press releases, stories and resources.