CHARLOTTE, N.C. — Some Atrium Health patients may have been affected by a ransomware attack, according to a notice Atrium shared. Atrium said they first learned of the ransomware attack on July 16 from Blackbaud, a company Atrium uses for "relationship management software."
Atrium said Blackbaud discovered "an unauthorized party accessed its systems" on May 14 of this year and determined the access occurred from February 7 to May 20 of this year.
Blackbaud was able to quickly lock the "cybercriminals" out of the systems, according to the Atrium release. Atrium Health patients who may have been affected by the incident will be mailed notices, in addition to the notice posted on Atrium Health's website.
The full notice can be found below.
According to Atrium, when Blackbaud discovered the cybercriminals had accessed its systems, it learned they had removed a copy of a back-up database containing information belonging to multiple Blackbaud clients, including Atrium.
Blackbaud paid a ransom to the cybercriminals for the data to be deleted and hired a third-party firm to monitor future actions involving the dataset. According to Atrium, Blackbaud also confirmed it has identified and fixed the vulnerability that allowed the incident to happen in the first place.
Atrium said once they realized they were impacted in the breach, they began a separate investigation to determine what personal information was impacted. Then, on August 12, Atrium determined that individuals' personal information could have been included in the back-up database in question.
Based on a review of the database, Atrium believes that information could have included a patient's first and last name, contact information, certain demographic information, dates of treatment, locations of service, and the name of the treating physician.
Atrium stressed that the affected information did not include any Social Security numbers, credit card information or bank account information. Further, Blackbaud does not have and has not had access to medical records or information about prognosis, medications or test results.
"Even though this incident occurred solely at Blackbaud and not at Atrium Health, we are reviewing our own security safeguards as a precaution and remain vigilant for similar types of incidents," Atrium said in the release. "We take this matter very seriously and are reviewing our relationship with Blackbaud."
Further information and instructions on how to proceed if you think you may have been impacted can be found in the document above.
Full statement from Atrium Health:
“You may have seen in the news recently that Blackbaud has had a cyber-breach affecting thousands of non-profit academic and health care institutions and that Blackbaud paid a ransom to the cyber-criminals. We use Blackbaud’s software services.
“We’ve been in frequent communication with Blackbaud to understand what took place and who may have been impacted. Based on the information currently available, data potentially exposed may have included limited information about our patients and donors to our affiliated foundations.
“Atrium Health regards the safety and privacy of our patients as our highest priorities. We have engaged our legal, security and privacy teams to investigate what took place at Blackbaud. Blackbaud has confirmed that it has identified and fixed the vulnerability associated with the incident and is accelerating its efforts to further protect the security of its environment through additional enhancements. We are in the process of notifying those who may have been affected and evaluating our relationship with Blackbaud.
“There are still many unanswered questions and we are diligently pursuing both answers and resolution. Like thousands of other Blackbaud clients, we are very concerned about this event and are carefully evaluating our next steps.”