Cyber Incident Victim: Gillette Children's Specialty Healthcare
Date:
Sep 2020
Location:
United States of America
Summary
A ransomware attack targeting cloud computing provider Blackbaud potentially compromised personal information of patients and donors at multiple healthcare organizations, including Gillette Children's Specialty Healthcare, Children’s Minnesota, Allina Health, and Regions Hospital. The incident exposed names, addresses, and possibly medical data from hundreds of thousands of individuals across these providers, though affected organizations stated the breached information did not create immediate risks for identity or financial theft. Blackbaud implemented additional security measures following the attack, with healthcare providers confirming they reviewed these protocols and collaborated to assess the incident's scope while advising vigilance regarding potential fraudulent activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2020, Gillette Children’s Specialty Healthcare and three other Minnesota healthcare providers—Children’s Minnesota, Allina Health, and Regions Hospital—notified patients and donors that their personal information may have been compromised due to a ransomware attack targeting Blackbaud, a cloud-based customer relationship management provider. The incident stemmed from a breach at Blackbaud, which managed donor databases and patient engagement platforms for these healthcare organizations. Attackers accessed Blackbaud’s systems between February and May 2020, exfiltrating data before deploying ransomware. Blackbaud paid the ransom after receiving assurances from the attackers that the stolen data had been destroyed, though the company acknowledged it had no means to verify this claim. The healthcare providers were notified by Blackbaud in July 2020 about the potential exposure of their data, prompting internal investigations to determine the scope of impact.
The breach affected hundreds of thousands of individuals across the four providers, with Allina Health confirming notifications to over 200,000 patients and donors and Children’s Minnesota alerting more than 160,000 individuals. While Gillette Children’s did not disclose specific numbers, its notifications indicated similar risks. Compromised data included names, addresses, and potentially medical information, though Allina Health stated the exposed data did not create immediate risks for identity or financial theft. Children’s Minnesota advised affected individuals to monitor medical bills for fraudulent activity. Allina Health reviewed Blackbaud’s post-incident security enhancements and expressed confidence in their adequacy. No disruptions to healthcare services or additional attacker motives beyond the ransomware payment were reported. The providers issued breach notifications as a precaution, though no direct misuse of data linked to the incident had been documented at the time of disclosure.