Cyber Incident Victim: Saint Alphonsus Hospital
Date: Sep 2020
Location: United States of America
Summary
A cybersecurity incident involving Saint Alphonsus Hospital's parent organization compromised patient and donor information through a breach of a third-party service provider's network. The attacker potentially accessed personal data maintained by Blackbaud, which managed the affected systems. The hospital system initiated notifications to impacted individuals via mailed correspondence and stated it was collaborating with the vendor to strengthen security measures. The organization expressed regret for the incident and apologized for resulting concerns, while acknowledging ongoing efforts to notify all affected parties. No operational disruptions to healthcare services were reported in connection with the breach.
Description
In September 2020, Trinity Health, the parent organization of Saint Alphonsus Hospital system, publicly disclosed a data breach potentially compromising patient and donor information. The incident stemmed from a cyberattack targeting Blackbaud, a third-party provider responsible for operating and maintaining Trinity Health’s network infrastructure. Blackbaud confirmed unauthorized actors may have accessed personal data stored within its systems, though the specific timeline of the intrusion and duration of unauthorized access were not detailed in public statements. Trinity Health initiated formal notifications to affected patients and donors via U.S. mail starting September 14, 2020, with plans to continue outreach until all impacted individuals received communication. The organization acknowledged the breach involved sensitive information but did not enumerate specific data elements beyond broadly referencing "personal information." No evidence suggested misuse of the compromised data at the time of disclosure.

Trinity Health collaborated with Blackbaud to implement additional security measures following the breach, though technical specifics regarding containment or forensic investigations were not disclosed. Public communications emphasized ongoing coordination between the entities to strengthen data protections under Blackbaud’s management. The hospital system issued a formal apology to patients and donors, expressing regret for the incident and any resulting concerns or inconveniences. Notifications directed affected parties to a dedicated informational resource for further details but did not outline identity protection services or regulatory reporting actions. The statement concluded by reaffirming Trinity Health’s commitment to its mission while acknowledging community support during the incident. No operational disruptions or clinical care impacts were reported in connection with the breach.
