Texas Tech University Health Sciences Center (TTUHSC) was notified Oct. 15 of a ransomware attack on Blackbaud Inc’s (Blackbaud) system that occurred sometime in May 2020. Blackbaud is a third-party vendor that provides software applications for fundraising management to non-profit organizations ineluding TTUHSC.
Blackbaud was a victim of a data security breach that affected more than 200 organizations in the United States and internationally. Blackbaud reported that it investigated the matter and determined there had been unauthorized access to its systems, which contained TTUHSC patient information. While Blackbaud has taken additional security steps to prevent unauthorized access to their data, TTUHSC made the decision to discontinue services with the company.
Upon notification, TTUHSC conducted an independent review and determined that the accessed Blackbaud files may have contained the following patient information: name, mailing address, telephone number, email address, date of birth, TTUHSC medical record number, physician name and specialty. The breached information occurred on Blackbaud’s system and at no time did the attackers have access to TTUHSC’s electronic medical record system.
TTUHSC has not received any indication that any patient information has been accessed or used by an unauthorized individual and no financial information was included in the breach. However, patients may call any of the three major credit bureaus to request credit information or request a credit file fraud alert.
Breach notification letters were mailed to affected patients notifying them of potential information included in the Blackbaud breach. In addition, TTUHSC has set up a toll-free number at 1-800-905-9452 Monday through Friday 8 a.m. to 5 p.m. (CST) for patients who may have any questions. TTUHSC values all of their patients’ privacy and deeply regrets any inconvenience this has caused.