Riverside is proud of the trust and support our communities show our health system. We are committed to transparency, honesty and the protection of the personal data that we maintain. On July 16, 2020, we learned of a data security incident at Blackbaud. Blackbaud is a vendor that provides data hosting services for us and serves hundreds of nonprofit organizations across the globe.
The impacted data contained selected information about some of Riverside’s donors, potential donors, patients and former patients who we believe may want to support our health care mission and others in the community with whom we have relationships. The specific information in the files included name and contact information, date of birth, and a history of donation dates and amounts. For some donors, the information included limited health information - admit and discharge dates, service location, and doctors' names. Riverside does not store any credit card information, bank account information, or Social Security numbers in this database, so this information was not compromised in any way.
Based on the nature of the incident and the number of nonprofits impacted, research was performed by the service provider, third-party, and FBI investigators. Blackbaud has stated there is no reason to believe any data involved in the breach went beyond the cybercriminals; was or will be misused; or will be disseminated or otherwise made available publicly. Blackbaud has hired a third-party team of experts to continue indefinite monitoring for any such activity.
We believe all personal information remains secure. To be transparent and as a precaution, we are notifying individuals who may have been affected by this incident through either email or first-class mail. As a best practice, we recommend that you remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper law enforcement authorities. Individuals can call 833-385-1309.
Common questions on the Blackbaud security incident
Blackbaud informed Riverside on July 16, 2020 that it had discovered and stopped a ransomware attack in May 2020, but that a file containing limited data had been accessed by the attacker. To protect personal customer data, Blackbaud paid the cybercriminal’s ransom with confirmation that the removed copy had been destroyed. Based on the nature of the incident, Blackbaud’s research, and an FBI investigation, Blackbaud has no reason to believe that any data went beyond the cybercriminals, was or will be misused, or will be disseminated or otherwise made available publicly.
Blackbaud has hired cybersecurity experts to monitor the web for any potential threats or emergence of this data and has assured Riverside this monitoring will continue. The full statement from Blackbaud about the incident is available on their website: https://www.blackbaud.com/securityincident.
What is Riverside’s relationship with Blackbaud?
Blackbaud is one of the largest providers of fundraising database and support services for health care organizations, educational institutions and other nonprofits. Blackbaud has provided these services to our Foundation for many years without incident.
How many organizations were included in this attack?
We estimate several thousands of organizations were affected by this.
What information was included in the file that was impacted?
Information may have included: Name; contact information to include address, phone number, email; donor relationship; and giving history.
For patients, information may have included: Date of birth; admission date; discharge date; service location; and providers to include attending, admin, primary care and referring providers.
Has my credit card information been taken?
No. We do not store information such as credit cards in our system, therefore that information was not accessed. Additionally, all transactions completed through Blackbaud’s software are encrypted, and that information was not reached by the cybercriminals.
Should I change my passwords?
We do not believe there is any reason to believe accounts can be accessed with the information compromised. However, it is best practice to change your passwords regularly every 90 days and to regularly review your account statements and credit reports closely and report any suspicious activities.
What are you doing to address this?
Since being notified, Riverside has been working closely with our leadership and with Blackbaud to fully understand what information was compromised and to review Blackbaud’s compliance and security strategy to ensure our data will continue to be protected. Riverside has notified the individuals we believe were affected by this event via email or first-class mail.
Why did it take so long for Riverside to be notified?
According to Blackbaud, they prioritized fending off the cybercriminal’s attempt to encrypt their customer files, preventing them from blocking their system access, and expelling them from their system. Blackbaud first discovered the compromise on May 14, 2020, stopped the cyberattack on May 20, worked to understand what information was exposed and who was affected by July 9, and notified clients on July 16.
Why did it take so long for Riverside to notify donors?
It took several weeks to obtain the specific data points and donors effected by this breach from Blackbaud which we needed to decide how to respond. After all appropriate information was obtained we met with our legal and leadership teams to decide how to notify our donors.
Other helpful information
For your convenience, the contact information for the three major credit agencies is below:
Equifax: www.equifax.com or call 800-685-1111
Experian: www.experian.com or call 888-397-3742
Transunion: www.transunion.com or call 888-909-8872
We have set up a toll-free number for you to call us about this incident: 833-385-1309.
Posted Sept. 9, 2020