No Social Security numbers or financial account numbers were impacted. Blackbaud provides cloud computing systems for nonprofit organizations. The Charleston, South Carolina-based company discovered in May 2020 it had suffered a ransomware attack, exposing the information of millions of individuals.
Blackbaud paid the cybercriminal’s demand and confirmed the data was destroyed, as well as hired experts to continuously "monitor the dark web" to ensure the data is not shared, according to Beebe. "The security of our community’s personal information is of the utmost importance to us and we deeply regret this incident and any inconvenience this data breach of Blackbaud’s system may have caused," said Beebe spokeswoman Mary Green.
Beebe was notified its information was impacted by the attack in November and conducted its own investigation before announcing it to the public Dec. 30. "This process took significant time and included obtaining a copy of the impacted data from Blackbaud to further investigate the incident," Green said.
Two other Delaware health care systems, Bayhealth and ChristianaCare, announced they were affected last year. Christiana announced in September almost 27,000 of its patients and donors were impacted. In November, Bayhealth indicated 78,000 of its patients and donors were impacted.
As of Nov. 3, Blackbaud has been named in 160 individual claims and 23 class action lawsuits related to the incident, according to the company's third quarter Securities and Exchange Commission report.