CRIME

78,000 patients and donors affected by Blackbaud data breach: Bayhealth

Shannon Marvel McNaught
Sussex Countian

Bayhealth has notified 78,000 patients and donors that their information was involved in a Blackbaud data breach.

Blackbaud is a Charleston, South Carolina-based company which provides cloud computing systems for many nonprofit organizations. The company discovered in May that it had suffered a ransomware attack. HealthITSecurity.com reports over 6 million people were affected.

"The cybercriminal may have accessed some unencrypted fields intended for bank account information, social security numbers, usernames and/or passwords," the company wrote in a U.S. Securities and Exchange Commission report.

More:'Delayed seat assignments' as 2021 Delaware State Fair announces music acts early

Customers believed to have had this particularly sensitive information exposed were notified the week of Sept. 27, according to Blackbaud's website.

Bayhealth has campuses in Milford and Dover.

Spokeswoman Danielle Pro-Hudson said in a press release that, after examining the compromised database, the Bayhealth information affected did not include credit card or bank account information or Social Security numbers. It also did not include Bayhealth medical systems or electronic health records.

Letters were sent in early November to those potentially impacted. 

More:Bayhealth physician receives Sussex EMS Physician of the Year Award

More:Department of Correction suspends in-person visitation as COVID-19 cases rise in Delaware

"The compromised data may have included information about a hospitalization such as physician name or department of hospital service. Additionally, publicly available information such as name, gender, mailing address, email address and phone number may have been viewed," Pro-Hudson said. 

ChristianaCare was impacted by the Blackbaud breach, as well. They announced in September that almost 27,000 patients and donors may have been involved.

ChristianaCare also said their affected data did not include financial account information, Social Security numbers or patient records.

Related:ChristianaCare to notify more than 26,000 patients and others of Blackbaud security breach