Foundation Responds to Blackbaud Security Incident

Notice of Data Security Incident
Visit our FAQ section for more information

Northern Light Health Foundation has learned that it is one of thousands of hospitals, healthcare systems, and other nonprofit organizations, including several in Maine, to be affected by a security event at Blackbaud, the company that hosts our fundraising databases.

The affected databases include information about donors, potential donors, those who may have attended a fundraising event, patients who we believe may want to support our healthcare mission, and others in the community with whom we have relationships. Northern Light Health maintains its electronic health record separate from the Foundation.

Blackbaud has advised that the cybercriminals who attacked Blackbaud did not gain access to any credit card, bank account, or social security numbers; however, they may have accessed other types of information. Northern Light Health has worked with Blackbaud to understand the number of parties affected by this incident, and what types of information were accessed by the threat actor. The Foundation has reached out by mail to anyone whose personal information was accessed as a result of this incident.

Anyone who has questions is encouraged to visit northernlighthealth.org/securityevent or reach out to Northern Light Health Foundation at foundation@northernlight.org or 1.866.839.4483.

Frequently Asked Questions – fundraising database information breach

What happened?
Blackbaud, the company that hosts Northern Light Health Foundation’s fundraising databases, learned of a global data security event and notified its subscribers. According to Blackbaud, the cybercriminals were not successful at gaining access to Blackbaud’s encrypted files, but they were able to access backup files that contained fundraising information.

What information was involved?
The affected databases include information about donors, potential donors, those who may have attended a fundraising event, patients who we believe may want to support our healthcare mission, and others in the community with whom we have relationships. Northern Light Health maintains its electronic health record separate from the Foundation.

Blackbaud has advised that the cybercriminals who attacked Blackbaud did not gain access to any credit card, bank account, or social security numbers; however, they may have accessed other types of information.

What is Northern Light Health Foundation’s relationship with Blackbaud?
Blackbaud is one of the largest providers of fundraising database and support services for healthcare organizations, educational institutions, and other nonprofits. Blackbaud has provided these services to the Foundation for many years without incident.

This security incident affects thousands of organizations around the world, including many here in Maine, and is not limited to Northern Light Health. More than 25,000 organizations worldwide store information on Blackbaud.

How did Blackbaud respond?
According to Blackbaud, their teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. Blackbaud says that they have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics.

How is Northern Light Health Foundation responding?
Northern Light Health has worked with Blackbaud to understand the number of parties affected by this incident, and what types of information were accessed by the threat actor. A vendor that Northern Light Health is working with on our response to this incident has sent letters to everyone whose protected health information was potentially accessed as a result of this incident. Northern Light Health has also provided notice through statewide media and a post on the Northern Light Health website. A separate letter will be sent to donors who did not receive the protected health information letter, but who may have had other types of information compromised.

A dedicated assistance line is available to anyone who has questions.

Why did it take so long for the Foundation to be notified?
According to Blackbaud, it prioritized fending off the cybercriminal’s attempt to encrypt its customer files, preventing the cybercriminal from blocking its system access, and expelling the cybercriminal from its system. Blackbaud first discovered the compromise on May 14, stopped the cyberattack on May 20, worked to understand what information was exposed and who was affected by July 9, and notified Northern Light Health Foundation on July 16. Northern Light Health has provided the required notification, within 60 days as required by the federal government, to those whose PHI was potentially accessed.

Why did it take so long for the Foundation to notify donors and patients?
Since being notified, the Foundation has been working closely with Blackbaud to fully understand exactly what information was compromised and which donors and patients were affected. The Foundation began distributing communications as soon as it had the information needed to provide an initial notification.

What is Northern Light Health Foundation doing to maintain the trust of donors and patients?
Northern Light Health has provided and will continue to provide clear, transparent communication about the incident and to answer questions from those affected. The Foundation is continuing to monitor Blackbaud’s response, including the steps that Blackbaud is taking to protect donor information moving forward.

What can those affected do if they have questions?
Anyone who has questions is encouraged to visit northernlighthealth.org/securityevent or reach out to foundation@northernlight.org or 1.866.839.4483.