Notice of Privacy Incident
Home >  Notice of Privacy Incident

Montefiore Notifies Individuals Affected by Blackbaud Cyberattack

Montefiore Medical Center announced on September 14, 2020 that it is mailing letters to some patients alerting them of a data security breach involving one of its vendors, Blackbaud, Inc. (“Blackbaud”). Blackbaud provides software and cloud-based data storage solutions for Montefiore.

In the Blackbaud Cyberattack, an individual illegally hacked into its systems and took copies of customer databases in order to extort ransom. According to Blackbaud, ransom was paid and the data was destroyed.

The incident occurred between February 7, 2020 and May 20, 2020. Blackbaud first notified Montefiore on July 16, 2020, and since then Montefiore has been communicating with Blackbaud to better understand the nature and the extent of the breach.

This incident exposed names, addresses, names of treating physician(s), date(s) of service, and clinical department(s) for a group of patients whose information was stored in the Blackbaud database.

Social Security numbers and financial account information were not compromised by this incident, and this did not involve any access to Montefiore’s medical records

Montefiore has set up a dedicated call center to answer questions about this incident, at
833-755-1027, between 9 am - 9 pm Eastern Time, Monday through Friday, except holidays. Montefiore recommends that patients carefully review any communication from their providers and immediately initiate direct contact regarding any questionable services, billing or requests for information.

Protecting privacy is one of Montefiore’s top priorities. To help prevent something like this from happening again, Montefiore is reviewing the way secure information is stored with Blackbaud and is evaluating Blackbaud’s safeguards.