Main Line Health announced today that it is mailing letters to its donors advising them of a data security incident that occurred at one of its vendors, Blackbaud, Inc. (“Blackbaud”). Blackbaud provides cloud-based and data solutions related to Main Line Health’s fundraising. Main Line Health began mailing letters on August 21, 2020. The affected database includes information about donors, potential donors, patients who our Development Department believes may want to support its health care mission, and others in the community with whom we have relationships.
On July 16, 2020, Blackbaud informed us that Blackbaud discovered that an unauthorized individual had gained access to Blackbaud’s systems between February 7 and May 20, 2020. Blackbaud further advised that the unauthorized individual may have acquired a backup of the database that manages the donor information. We immediately took steps to understand the extent of the incident and the data involved.
The incident did not affect all of our patient information nor all of our donor files; rather it affected the Research Point donor/fundraising database at Blackbaud. Blackbaud informed us that the donor database that was accessed by the unauthorized individual consisted of some or all of the patient donors or prospective donors’ names, ages, genders, dates of birth, medical record numbers, date(s) of treatment, department(s) of service and treating physicians.
Blackbaud advised that Social Security numbers and bank and credit card account numbers were not in the Main Line Health file and therefore were not involved in the incident. The incident did not involve any access to our medical systems or electronic health records. We have established a dedicated call center to answer any questions about this incident, at 1-888-920-0360 Monday through Friday, at 8:00 a.m. to 5:30 p.m. Central Time (excluding major U.S. holidays). We recommend that you review any statements you receive from health care providers. If services appear that you did not receive, you should promptly contact the provider.
We are continuing to explore all options going forward to avoid this from occurring in the future, including revisiting our relationship with Blackbaud, and reviewing the scope and protections for information stored with third-party vendors.