Cyber Incident Victim: Stony Brook University Hospital
Date: May 2020
Location: United States of America
Summary
Stony Brook University Hospital was impacted by a ransomware attack targeting Blackbaud, a third-party cloud service provider handling donor and patient data. The attackers exfiltrated unencrypted information due to Blackbaud's failure to secure certain fields, potentially exposing sensitive details including Social Security numbers, bank account information, government IDs, and philanthropic records. The breach stemmed from Blackbaud's security oversight, leaving data vulnerable despite claims that encrypted fields remained protected. Multiple organizations relying on Blackbaud discovered inconsistencies between initial assurances and their own investigations, revealing broader exposure of unsecured personal and financial data.
Description
A significant cyber incident occurred when a ransomware attack was launched against Blackbaud, a cloud-based software company that provides services to various non-profit organizations and universities. The attackers were able to access and exfiltrate sensitive data, including names, addresses, phone numbers, and financial information, belonging to the affected organizations. The breach was initially downplayed by Blackbaud, but subsequent investigations revealed the scope of the incident.

The attackers, who have not been identified, used ransomware to gain unauthorized access to Blackbaud's systems. Ransomware is a type of malware that encrypts a victim's files and demands a ransom in exchange for the decryption key. In this case, the attackers were able to access and exfiltrate sensitive data, which was not encrypted, leaving it vulnerable to exploitation. The attackers also demanded a ransom from Blackbaud, which was reportedly paid.
The breach was discovered in May, and Blackbaud initially notified its customers that no sensitive information had been accessed or exfiltrated. However, subsequent investigations revealed that this was not the case. In fact, the attackers had accessed and exfiltrated sensitive data, including Social Security numbers, bank account information, and credit card numbers. The breach affected numerous non-profit organizations and universities that use Blackbaud's services.
The incident highlights the importance of encryption and data protection. Blackbaud's failure to encrypt sensitive data left it vulnerable to exploitation. The company's decision to pay the ransom also raises questions about the effectiveness of this approach in preventing future breaches. The incident also underscores the need for transparency and timely notification in the event of a breach.
The affected organizations have been notified, and many have issued statements informing their donors and supporters about the breach. Some organizations have also offered credit monitoring services to those who may have been affected. The incident has sparked concerns about the security of sensitive data and the need for organizations to prioritize data protection.
The breach has also raised questions about the role of third-party vendors in data breaches. Blackbaud is a third-party vendor that provides services to numerous non-profit organizations and universities. The incident highlights the importance of carefully vetting third-party vendors and ensuring that they have adequate security measures in place.
The incident is a reminder that data breaches can have serious consequences for organizations and individuals. The breach has caused concern and uncertainty among donors and supporters of the affected organizations. It has also highlighted the need for organizations to prioritize data protection and to be transparent in the event of a breach.
The investigation into the breach is ongoing, and it is unclear what steps Blackbaud and the affected organizations will take to prevent similar incidents in the future. However, the incident serves as a reminder of the importance of data protection and the need for organizations to prioritize the security of sensitive data.
The breach has also sparked concerns about the use of ransomware and the effectiveness of paying ransoms in preventing future breaches. The incident highlights the need for organizations to have robust security measures in place to prevent breaches and to be prepared to respond in the event of a breach.
The affected organizations are working to notify those who may have been affected and to provide support to those who may have been impacted. The incident has caused concern and uncertainty among donors and supporters, and it is unclear what the long-term consequences of the breach will be.
The incident is a reminder that data breaches can have serious consequences for organizations and individuals. The breach has highlighted the need for organizations to prioritize data protection and to be transparent in the event of a breach. It has also underscored the importance of encryption and data protection in preventing breaches.
The breach has also raised questions about the role of regulators in preventing data breaches. The incident highlights the need for regulators to ensure that organizations have adequate security measures in place to protect sensitive data.
The breach has also sparked concerns about the security of sensitive data and the need for organizations to prioritize data protection. The incident highlights the importance of encryption and data protection in preventing breaches.
The breach has also
