Nuvance Health, and all of our affiliates, are committed to protecting the security and privacy of our patients. Regrettably, we recently learned of an incident that occurred at one of our vendors, Blackbaud, Inc. (“Blackbaud”) that may have involved some health system data.
Blackbaud is a third-party vendor that provides customer relationship management and financial services tools to thousands of schools, non-profits and health systems, including the health system related Foundations. On July 16, 2020, Blackbaud informed us it had discovered that unauthorized individual(s) had gained access to Blackbaud’s systems between February 7, 2020 and May 20, 2020. Blackbaud advised us that the unauthorized individual(s) acquired backup copies of databases used by its customers, including a backup of the database the health system Foundations use for fundraising efforts. Once informed, we immediately took steps to understand the extent of the incident and the data involved.
As with other healthcare institutions that use Blackbaud, the health system’s databases include limited and appropriate information about patients who we believe may want to support our healthcare mission, as well as donors, potential donors, people who may have attended a fundraising event, and others in the community with whom we have relationships.
Based on our review of the affected database, we have reason to believe that it contained information belonging to some health system patients, including names, contact information, ages, gender, dates of birth, admission dates, departments of treatment, treating physicians and health insurance status.
Please note that no financial information—including credit card or bank account information—was affected by this incident. Also, this incident did not involve any access to the medical record systems.
We mailed letters regarding the incident to those whose information was contained in the Blackbaud database on September 14, 2020. We have also established a dedicated call center to answer any questions about this incident, which may be contacted for more information at 1-866-968-0208, from 8:00 a.m. to 5:30 p.m. Central Time, Monday through Friday, excluding major U.S. holidays.
At this time, there is no evidence that the information involved in the incident has been misused. However, for any affected patients, we recommend you review the statements you receive from your healthcare providers. If you see services you did not receive, please contact the provider that issued the statement immediately.
Ensuring the privacy and security of our patient information is of the utmost importance to us; we deeply regret any concern or inconvenience this incident may cause and are grateful for your continued support and engagement. To help prevent something like this from happening again, we are reevaluating our relationship with Blackbaud and closely monitoring its continued updates and the security measures it implemented in response to the incident.