More than 27,000 people have been contacted after UnityPoint Health was affected by a ransomware attack against third-party vendor Blackbaud, a cloud-based provider of fundraising and finance services for education and nonprofit entities, reports KCCI. The attack, which took place between Feb. 7-May 20, impacted patients and donors within the St. Luke’s Foundation in Sioux City, Trinity Health Foundation in the Quad Cities and Des Moines Foundation in Des Moines. UnityPoint Health learned about the ransomware attack from Blackbaud in July. Three other Iowa entities have publicly confirmed they were impacted by the international incident, including the Iowa State Foundation which first announced the attack on July 16; Living History Farms, and the Governor’s STEM Advisory Council, which both confirmed impact in early August. UnityPoint Health information compromised during the attack includes names, addresses, birth dates, phone numbers, provider names, dates of service, hospital departments and philanthropic giving history, reports KCCI. UnityPoint Health emphasized that Social Security numbers and financial information were not exposed. Blackbaud has said it paid an undisclosed ransom and information compromised in the ransomware attack has been permanently destroyed. The four Iowa organizations are some of thousands of international clients of Blackbaud, and the attack appeared to have the widest reach among healthcare organizations, including the Northern Light Foundation in Maine which alone reported compromised data from 657,392 donors, potential donors and patients, reports HealthITSecurity.
