Cyber Incident Victim: Allina Health
Date:
Sep 2020
Location:
United States of America
Summary
A ransomware attack targeting cloud computing provider Blackbaud potentially compromised personal information of patients and donors across multiple Minnesota healthcare organizations, including Allina Health. The breach exposed names, addresses, and possibly medical data for hundreds of thousands of individuals, with over 200,000 affected at one provider alone. While the healthcare entity asserted the compromised information did not create significant identity theft or financial fraud risks, it advised vigilance regarding medical billing irregularities. The organization confirmed collaborating with Blackbaud to assess the incident's scope and validate remediation efforts to strengthen data security protocols.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2020, Allina Health, along with Children’s Minnesota, Regions Hospital, and Gillette Children’s Specialty Healthcare, notified patients and donors that their personal information may have been compromised due to a ransomware attack targeting Blackbaud, a cloud computing company managing databases for these healthcare providers. The incident exposed data from hundreds of thousands of individuals across the affected organizations, with Allina Health specifically confirming notifications to over 200,000 patients and donors. Blackbaud’s systems were breached, potentially compromising names, addresses, and possibly medical information stored in its databases. Allina Health stated it collaborated with Blackbaud to investigate the ransomware attack’s scope and evaluate the vendor’s security protocols following the incident. While the breach involved sensitive data, Allina Health asserted the compromised information did not create risks for identity theft or financial fraud, according to its breach notice cited by the Star Tribune. Children’s Minnesota, which notified over 160,000 individuals, advised affected parties to monitor medical bills for fraudulent activity.
The healthcare providers relied on Blackbaud’s assurances regarding remediation efforts, with Allina Health expressing confidence that the vendor had implemented appropriate security measures to prevent future incidents. No specific technical details about the ransomware variant, attack vectors, or exact data exfiltration methods were disclosed by the organizations. The incident highlighted third-party risks in healthcare data management, as the breach originated from a service provider rather than the hospitals’ direct systems. Allina Health and Children’s Minnesota issued notifications as a precaution despite Blackbaud’s claim that the stolen data had been destroyed by the attackers. The breach’s impact was confined to potential data exposure, with no reported disruptions to clinical operations or patient care at the affected healthcare facilities.