An unauthorized party accessed donor and fundraiser information for months from Virginia Hospital Center (VHC), who has served the Washington, D.C. area for 75 years. The company, Blackbaud, also reported many of its other clients’ donor and fundraising data jeopardized by the hackers.
VHC stored donors’ personal information. This included names, addresses, phone numbers, email addresses – even birth dates and the last four digits of credit card numbers. Hackers had access to these records for approximately three months, from February to May. However, the last traces of hacking didn’t cease until early June.
In mid-June, the hackers blackmailed Blackbaud with purported stolen files. It is reported that Blackbaud paid the hackers a ransom in Bitcoin to delete the data. Company officials shared that they could confirm the data was destroyed. Blackbaud added that they hired experts to monitor the Internet and dark web, to be more sure that no information was released.
The report released by the VHC on Thursday didn’t mention the ransom. Instead, it stated that Blackbaud had assured the hospital that it had “no reason to believe that any data went beyond the authorized party.”
In their initial report, Blackbaud revealed that the cybercriminal had potentially accessed unencrypted fields for bank account information, Social Security numbers, and login credentials.
Blackbaud told The Virginia Star that it couldn’t disclose the number of customers affected by the breach.
“We will not be commenting beyond the statement on our website, the company said. “Thank you for understanding.”
The company also refused to disclose the nature or region of the hackers.
The VHC stated that it is notifying individuals of the breach. Blackbaud didn’t cite fault with any of its security protocols, but mentioned that it did implement changes to strengthen security.
– – –