SAYRE — Blackbaud, an international vendor specializing in philanthropy services for not-for-profits, experienced a cyber security incident, earlier this year, affecting organizations worldwide, including Guthrie. Guthrie announced today that it has begun notifying some of its patients whose data may have been part of the Blackbaud incident, consistent with federal and state law.
Blackbaud informed Guthrie on July 16, 2020 that an unauthorized individual(s) had gained access to Blackbaud’s systems between Feb. 7 and May 20, 2020, and a backup file containing Guthrie information may have been part of the data acquired by the unauthorized persons. Guthrie immediately took steps to understand the extent of the incident and the data involved. Based on a thorough investigation, it is believed that the backup file that was acquired contained information pertaining to some Guthrie patients, including patient name(s), contact information, age, gender, date(s) of treatment, department(s) of service, treating physician(s), and health insurance status.
Importantly, Blackbaud has informed Guthrie that financial and credit card account information were encrypted, and therefore not accessed by the unauthorized individual. Social Security numbers were not in the data shared with Blackbaud. Also, this incident did not involve any access to diagnosis or treatment plans in any Guthrie medical systems or electronic health records.
Guthrie President and CEO, Dr. Joseph Scopelliti said,