The 2 largest healthcare information breaches reported to the federal authorities final month have been each tied to a ransomware assault at a third-party software program vendor, Blackbaud.
Mixed, the 2 information breaches at Northern Mild Well being in Brewer, Maine, and St. Luke’s Basis in Kansas Metropolis, Mo., compromised private information on greater than 1 million individuals.
Dozens of healthcare organizations, instructional establishments and different not-for-profits within the U.S. and overseas have been affected by the Might cyberattack at Blackbaud, an organization that sells software program to not-for-profits to handle fundraising, advertising and different operations.
Northern Mild on Aug. three reported that as much as 657,392 individuals who had private information held within the well being system basis’s fundraising databases, that are hosted by Blackbaud, may need had data uncovered within the incident.
The cybercriminals who attacked Blackbaud accessed recordsdata that contained fundraising data associated to donors, doable donors, individuals who had attended fundraising occasions and “sufferers who we consider could need to assist our healthcare mission,” amongst different group members, based on a discover from Northern Mild Well being Basis.
Saint Luke’s Basis, the muse affiliated with Saint Luke’s Well being System, on Aug. 20 reported that as much as 360,212 individuals could have been compromised in the identical incident at Blackbaud.
NorthShore College HealthSystem in Evanston, Sick., final week mentioned an estimated 348,000 sufferers could have had private data compromised within the Blackbaud assault.
Upon discovering the ransomware assault in Might, Blackbaud mentioned its safety staff was capable of block the cybercriminals from absolutely encrypting recordsdata and eliminated them from the corporate’s data programs; nonetheless, earlier than that time, the cybercriminals had already taken a duplicate of among the firm’s information.
Blackbaud paid a ransom demand to the cybercriminals, who in change destroyed the information copy, based on a discover describing the incident that Blackbaud posted on-line.
As of Tuesday, HHS’ Workplace for Civil Rights—the company that maintains the federal government’s database of healthcare information breaches—had posted 31 information breach reviews that healthcare suppliers, insurers and their enterprise associations had submitted to the company in August. In whole, the 31 information breaches compromised information on a collective 2.1 million sufferers.
The typical variety of sufferers affected per incident was roughly 69,263 in August, the best month-to-month common up to now this 12 months. That quantity’s partially pushed up by organizations reporting a number of information breaches in August that uncovered information on greater than 100,000 sufferers every, together with the incidents at Northern Mild and St. Luke’s, in addition to six others.
In July, the typical variety of sufferers affected per information breach was simply over half of that 69,263 determine, at 35,776.