OMAHA, Neb. (KMTV) - Nebraska Methodist Health System is notifying patients of a data breach involving one of its third-party vendors.
The breach involved Blackbaud, which provides customer relationship management and financial services tools for fundraising purposes to thousands of schools, health systems, and non-profits.
On September 21, Methodist learned Blackbaud fell victim to a data security incident involving unauthorized access to Blackbaud systems between Feb. 7, 2020 and May 20, 2020.
Blackbaud said the unauthorized individual may have acquired backup copies of customer databases, including the databases used by the Methodist Hospital Foundation and the Jennie Edmundson Foundation for fundraising efforts.
At that time, Blackbaud didn't say what information may have been involved in the incident. Methodist's investigative team later determined it included some patient information, including names, demographic and contact information, medical record numbers, reasons for visits, treating physicians, treating facilities and/or encounter types.
Social Security numbers, financial account, and credit card account information were not part of the information stored in the Blackbaud database and were not involved in the incident. The incident also did not involve any access to the Nebraska Methodist network or systems.
Blackbaud said they closed the vulnerability that allowed the incident to occur and are taking steps to enhance their security controls. Methodist said it is evaluating its relationship with Blackbaud and its security safeguards.
Methodist mailed letters to patients whose information was contained in the Blackbaud database on December 14. For those with questions about the incident, call 833-971-3260 from 8-5:30 on Monday-Friday.