Menu
Browse

Cyber Incident Victim: Roper St. Francis Healthcare

Date:

Feb 2020

Location:

United States of America

Summary

Roper St. Francis Healthcare notified almost 93,000 patients of a data security breach involving Blackbaud after the vendor reported that an unauthorized party accessed its systems and obtained a backup copy of the fundraising database. The accessed information may have included patients’ names, ages, genders, dates of birth, addresses, dates of treatment, departments of service and treating physicians, while Social Security numbers, financial account and credit card data remained encrypted and unavailable to the intruder. The breach did not affect medical records or electronic health systems, and the organization has set up a call center for affected individuals and is reviewing its third‑party vendor data storage practices.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actors Type Location
0 actors Available to members Available to members

Description

On July 31, 2020, Blackbaud notified Roper St. Francis Healthcare that an unauthorized party had gained access to its systems between February 7 and May 20, 2020. The healthcare provider subsequently informed nearly 93,000 patients of a data security breach linked to the Blackbaud incident. According to the notification, the unauthorized access involved a backup copy of the database that manages fundraising information for the Roper St. Francis Foundations. Roper St. Francis Healthcare emphasized that the breach did not affect its medical systems or electronic health records. The notification was issued after the healthcare organization received the alert from Blackbaud and began its internal review.

Cyber Incident Image

The fundraising database that was accessed may have contained patients' names, ages, genders, dates of birth, addresses, dates of treatment, departments of service, and the names of treating physicians. Blackbaud stated that Social Security numbers, financial account information, and credit card data were encrypted and therefore not accessible to the unauthorized party. Roper St. Francis Healthcare confirmed that no medical or clinical data were compromised in the incident. The scope of the exposure was limited to fundraising-related information maintained by the foundation.

In response to the breach, Roper St. Francis Healthcare established a dedicated call center reachable at 1-866-938-0447, operating Monday through Friday from 9 a.m. to 6:30 p.m. to address patient inquiries. The organization also began reviewing how information is stored with third-party vendors and is re-evaluating its relationship with Blackbaud. These steps were taken to mitigate the risk of similar incidents occurring in the future. No further details about additional remedial measures were provided in the source material.

Sources
Sources available to members
1 source