Skip to main content

Thousands of MN hospital patients' information possibly exposed in data breach

A vendor four Minnesota hospitals use for their foundations experienced a ransomware attack in July.

Information about patients at several Minnesota hospitals may have been exposed in a data breach involving a third-party vendor they all use.

Children's Hospitals and Clinics of Minnesota sent a letter to families who may have been impacted by the data breach, informing them that a variety of personal information may have been involved in the breach at Blackbaud, Inc., earlier this year. 

Patients' Social Security Numbers were not revealed, according to the letter, but Children's Minnesota recommends people review any statements they've received from their healthcare providers and if something doesn't seem right, they should contact their provider right away, a news release says. 

Three other health care providers in the state – Allina Health, Regions Hospital and Gillette Children's Specialty Healthcare – have also mailed letters this month to impacted families about the breach, the Star Tribune reports.

All the hospitals use Blackbaud, Inc. for their charitable foundations.

In Minnesota, 160,268 people who received care at Children's Minnesota may have been impacted by the breach, according to records by the federal Office for Civil Rights, making it the second-largest health data breach ever in the state. The largest exposed information about more than 1 million people when Optum360's network server was hacked, the records show.

The Star Tribune says 52,795 patients at Regions Hospital in St. Paul were impacted. The number of people impacted at Allina and Gillette hasn't been shared. 

According to Blackbaud's website, it provides software solutions for faith communities, foundations, K-12 schools, nonprofits and others. Other children's hospitals and health care systems around the country recently informed patients of the breach as well, media reports show.

In total, more than 3 million people across the country were impacted by the breach, the Star Tribune says. 

Children's Minnesota said Blackbaud informed it in July that an "unauthorized individual" accessed its systems between Feb. 7 and May 20 of this year. In doing so, they may have gotten backup copies of a database the foundation uses for fundraising efforts, which had information that includes patient's full names, addresses, phone numbers, ages, dates of birth, genders, medical record numbers, dates of treatment, locations of treatment, names of doctors and health insurance status. 

Social Security Numbers are not part of the information the foundation stores on Blackbaud, so they were not exposed during the incident, Children's Minnesota says. The breach also does not involve "any access to our medical systems or electronic health records."

Blackbaud said in a July news release that it stopped a ransomware attack, but prior to "locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment."

"Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly," the release said. 

Children's Minnesota says it takes this incident "very seriously" and it is evaluating its arrangement with Blackbaud and its security safeguards to help prevent something like this from happening again. 

BMTN has reached out to the other hospitals for comment. 

Next Up

ambulance

Body found in burned out car near Bird Island identified as local farmer

The deceased is a 59-year-old man from rural Bird Island.

Screen Shot 2022-12-06 at 2.47.44 PM

Minneapolis' Khâluna named in Eater's 2022 'Best New Restaurants'

The restaurant, opened in 2021, is known for its Laotian cuisine.

ambulance, crash

3 pedestrians struck by drivers Monday in Minnesota; 2 dead

The victims involved a 39-year-old man and two 74-year-old men.

snow, plow

Shifting storm tracks: Significant storms Friday, next week?

Sven Sundgaard has the details on an interesting forecast.

Life Link

Worker suffers serious injury in rooftop fall in rural Minnesota

The man only fell a few feet, but suffered a serious leg injury.

Walz, Flanagan

Minnesota reports massive projected budget surplus of $17.6 billion

The huge surplus comes as the DFL prepares to assume a trifecta of the Legislature and the Governor's House.

tap-gf9a40b157_1280

Boil water advisory issued for part of Minneapolis after water main break

The main break caused significant flooding in an area of North Minneapolis Monday evening.

PicketSignsNurseStrike

Deals struck between nursing union and hospitals, potentially averting strike

A strike was scheduled to start on Dec. 11 if a deal was not reached.

Minnesota Solar Installation - All Energy Solar

Make the Most of your Solar Panels with Energy Storage

Solar energy is great during the day, but what happens when the sun goes down?

Related

Data breach at MN health provider may have left 50,000 patients exposed

Alomere Health in Alexandria informed patients last week.

minneapolis parking meter

Minneapolis parking app experienced data breach in March

No credit card information was accessed in the breach.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.

Dunn brothers

Data breach impacts card users at Dunn Bros., Sebastian Joe's

A Minnesota company that provides point-of-sale services has confirmed a breach.