|
Dear Friends and Supporters,
We are writing to let you know that Blackbaud, the company that provides us with our donor and fundraising management system, recently informed us that they were a victim of a ransomware attack. Please know that Hackensack Meridian Health takes the protection and proper use of our donor's information very seriously. As a result, we immediately contacted Blackbaud to learn more about the incident.
Blackbaud assured us that information such as credit card numbers, bank accounts or social security numbers were not accessed as part of the ransomware attack. As a result, our donors' most sensitive information was not compromised. However, we have been advised that the file removed may have contained contact information, demographic information, and a history of their relationship with our Foundation, such as donation dates and amounts. In an effort to protect the stored data, Blackbaud paid the cybercriminal's demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, their research, and third party (including law enforcement) investigation, and on the information provided to us by Blackbaud, there is no reason to believe that any data went beyond the cybercriminal, was or will be misused, will be disseminated or otherwise made publicly available.
As part of their ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect data from any subsequent incidents. Blackbaud was able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. They have confirmed through testing by multiple third parties that the fix they made withstands all known attack tactics. Additionally, they are accelerating their efforts to further strengthen their environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms. Click here for more information about this cyberattack and Blackbaud's response.
Even though Blackbaud does not have a reason to believe that any data went beyond the cybercriminal, we still recommend you remain vigilant and promptly report any suspicious activity or suspected identity theft to us and to proper law enforcement authorities.
Should you have any further questions or concerns regarding this matter, please do not hesitate to email give@hackensackmeridian.org.
Thank you again for your continued support and for being a part of the Hackensack Meridian Health family!
Sincerely,
Sean Updegrove
Chief Information Security Officer
|
