Cyber Incident Victim: Regions Hospital
Date:
Sep 2020
Location:
United States of America
Summary
A ransomware attack targeting cloud services provider Blackbaud potentially compromised personal information of patients and donors at Regions Hospital and three other Minnesota healthcare organizations. The incident exposed names, addresses, and possibly medical data across hundreds of thousands of affected individuals from the combined healthcare providers. While one impacted organization asserted the breached information didn't create identity theft or financial fraud risks, another advised monitoring medical bills for fraudulent activity. Blackbaud confirmed implementing additional security measures following the attack, which affected multiple nonprofit clients managing healthcare databases.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In September 2020, Regions Hospital and three other Minnesota healthcare providers—Children’s Minnesota, Allina Health, and Gillette Children’s Specialty Healthcare—notified patients and donors that their personal information may have been compromised due to a ransomware attack targeting Blackbaud, a cloud computing company managing their databases. The incident stemmed from Blackbaud’s systems being breached, potentially exposing data across its nonprofit clients. While Blackbaud resolved the ransomware attack before notifying clients, the delay in disclosure meant healthcare providers initiated their own investigations to assess the scope. Regions Hospital and the other organizations confirmed that unauthorized actors accessed Blackbaud’s systems, though the extent of data exfiltration remained unclear. The compromised information included names, addresses, and potentially medical details, though financial data like credit card numbers were not confirmed as exposed. Allina Health alone notified over 200,000 individuals, while Children’s Minnesota alerted more than 160,000, indicating a regional impact affecting hundreds of thousands.
Upon learning of the breach, Regions Hospital and its counterparts collaborated with Blackbaud to evaluate the incident and the vendor’s enhanced security measures. Allina Health publicly stated its security experts reviewed Blackbaud’s protocols and expressed confidence in the corrective actions taken to safeguard data. Children’s Minnesota advised affected patients and donors to monitor medical bills for fraudulent activity, though Allina Health downplayed immediate risks of identity or financial theft, citing the absence of highly sensitive information like Social Security numbers. No disruptions to hospital operations or direct patient care were reported, as the breach was confined to Blackbaud’s third-party systems. The providers issued standardized breach notifications but did not disclose specific forensic findings or whether ransom payments were made by Blackbaud. The incident highlighted supply-chain vulnerabilities in healthcare cloud services, though no subsequent misuse of the exposed data was confirmed in the immediate aftermath.