Cyber Incident Victim: NorthShore University HealthSystem
Date:
Jul 2020
Location:
United States of America
Summary
NorthShore University HealthSystem notified approximately 348,000 patients that their protected health information was compromised in a ransomware attack targeting third-party vendor Blackbaud. The attackers exfiltrated data, and Blackbaud paid the ransom under the belief that the stolen information would be destroyed, though the health system's notification did not confirm whether patient data was actually misused. This incident was part of a broader breach impacting multiple organizations, collectively exposing millions of individuals' health data through the vendor's compromised systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
NorthShore University HealthSystem disclosed a breach impacting approximately 348,000 patients in September 2020, stemming from a ransomware attack on Blackbaud, a third-party service provider. The incident occurred on or around July 16, 2020, when attackers infiltrated Blackbaud's systems and exfiltrated data containing protected health information (PHI). Blackbaud paid the ransom demand after receiving assurances from the threat actors that the stolen data would be destroyed. NorthShore, like other affected organizations, relied on Blackbaud’s investigation and forensic findings to determine the scope of compromised data. The health system initiated notifications to affected patients upon confirmation that their PHI was involved in the breach, though specific data elements exposed were not detailed in public statements.
The breach formed part of a widespread event impacting numerous organizations using Blackbaud’s services, with at least 3,148,492 individuals’ PHI confirmed compromised across multiple entities by September 2020. NorthShore’s incident contributed significantly to this total, representing over 10% of the documented cases at the time. The disclosure coincided with a surge in breach reports throughout 2020, as noted by cybersecurity researchers tracking multiple sources beyond HIPAA-mandated disclosures. No technical specifics regarding attack vectors, containment measures, or NorthShore’s internal forensic actions were publicly disclosed. The health system’s response centered on breach notifications, while Blackbaud’s ransom payment and data destruction claims remained unverified by independent third parties.