Burke Rehabilitation Hospital Addresses Blackbaud Security Incident

Burke Rehabilitation Hospital, a member of the Montefiore Health System, announced that it is mailing letters to some patients alerting them of a data security incident that occurred at one of its vendors, Blackbaud, Inc.

Blackbaud provides software and cloud-based storage solutions for Burke and numerous other non-profit organizations related to fund raising efforts.

In the Blackbaud incident, an individual hacked into Blackbaud’s systems and took copies of customer databases in order to extort ransom. According to Blackbaud, ransom was paid and the data were destroyed.

Per Blackbaud, the incident occurred between February 7, 2020 and May 20, 2020. The Privacy Office at Burke was first made aware of the incident on July 27, 2020, and since then Burke has been communicating with Blackbaud to better understand the nature and the extent of the incident and what information was involved.

Burke determined that the affected database contained some patient information, including patient names, addresses, names of treating physicians, date(s) of service, clinical department and potentially date of birth and reason for visit. To date there is no evidence that this data has been misused.

Individual’s Social Security number, credit card information and financial account information were not affected by this incident, and the incident did not involve any access to Burke’s medical record systems.

Burke has set up a dedicated call center to answer questions about this incident. IT recommends that patients carefully review any communication from their providers and immediately initiate direct contact regarding any questionable services, billing or requests for information.

Protecting privacy is one of Burke’s top priorities. To help prevent something like this from happening again, Burke is examining their vendor relationship with Blackbaud and evaluating their security safeguards.