Date:

Feb 2020

Location:

United States of America

Summary

The Methodist Hospital of Southern California was impacted by a ransomware attack targeting its third-party fundraising database provider, Blackbaud, resulting in unauthorized access to donor records and limited patient information. Compromised data included names, contact details, dates of birth, genders, medical record numbers, and hospital admission dates. Blackbaud paid the ransom and received assurances from the attackers that stolen data copies were destroyed, with ongoing dark web monitoring implemented to detect potential dissemination. The hospital clarified it did not participate in subsequent legal action against Blackbaud related to the breach. This incident reflects broader ransomware trends where attackers exfiltrate data before encrypting systems, leveraging threats of public release to extort payments.

Description

The Methodist Hospital of Southern California experienced a data breach stemming from a ransomware attack targeting Blackbaud Inc., a third-party vendor hosting the hospital foundation’s fundraising databases. Between February and May 2020, attackers infiltrated Blackbaud’s systems, exfiltrating data before deploying ransomware to encrypt files. Blackbaud’s cybersecurity team prevented a full system lockout but confirmed hackers stole a copy of data containing donor information from the hospital and limited patient records. The breach was disclosed by the hospital in December 2020 after Blackbaud notified affected clients. Blackbaud paid the ransom after negotiating with the attackers, who provided confirmation that their copy of the stolen data had been destroyed. Law enforcement and third-party cybersecurity firms assisted in the investigation.

The compromised data included donor records and a subset of patient information, potentially exposing full names, telephone numbers, email and mailing addresses, dates of birth, genders, medical record numbers, and hospital admission dates. Blackbaud retained third-party experts to monitor dark web activity for any dissemination of the stolen data and assured the hospital that no evidence suggested public release. A November 2020 class action lawsuit was filed against Blackbaud by other affected organizations, though Methodist Hospital did not participate. The incident reflected broader ransomware trends targeting healthcare entities in Southern California, where attackers increasingly exfiltrate data before encryption to pressure victims into paying ransoms. Hospital operations were not disrupted, as the breach was confined to the foundation’s database managed externally by Blackbaud.
