Cyber Incident Victim: Children's Minnesota

In September 2020, Children’s Minnesota and three other healthcare providers—Allina Health, Regions Hospital, and Gillette Children’s Specialty Healthcare—notified patients and donors that their personal information may have been compromised due to a ransomware attack targeting Blackbaud, a cloud computing company managing their databases. The incident impacted hundreds of thousands of individuals, with over 160,000 patients and donors at Children’s Minnesota alone receiving breach notifications. Blackbaud, which provides data management services to nonprofits, experienced a ransomware attack that potentially exposed sensitive information stored in its systems. Upon learning of the incident, the affected healthcare organizations collaborated with Blackbaud to investigate the scope of the breach and evaluate the vendor’s security protocols. Allina Health publicly stated its security experts had reviewed Blackbaud’s remedial actions and expressed confidence in the company’s enhanced protective measures against future incidents.

The compromised data included names, addresses, and potentially medical information, though Allina Health asserted this information did not create immediate risks for identity theft or financial fraud. Children’s Minnesota advised affected individuals to monitor their medical bills for signs of fraudulent activity as a precautionary measure. The breach notifications were issued broadly across the four healthcare providers, with Allina Health confirming more than 200,000 of its patients and donors were impacted. No specific details were disclosed regarding the ransomware variant used, the exact timeline of the attack, or whether patient medical records were accessed beyond basic demographic information. The healthcare organizations relied on Blackbaud’s incident response and did not report independent containment actions beyond assessing the vendor’s security improvements.