Publish date:

Thousands of MN hospital patients' information possibly exposed in data breach

A vendor four Minnesota hospitals use for their foundations experienced a ransomware attack in July.

Information about patients at several Minnesota hospitals may have been exposed in a data breach involving a third-party vendor they all use.

Children's Hospitals and Clinics of Minnesota sent a letter to families who may have been impacted by the data breach, informing them that a variety of personal information may have been involved in the breach at Blackbaud, Inc., earlier this year. 

Patients' Social Security Numbers were not revealed, according to the letter, but Children's Minnesota recommends people review any statements they've received from their healthcare providers and if something doesn't seem right, they should contact their provider right away, a news release says. 

Three other health care providers in the state – Allina Health, Regions Hospital and Gillette Children's Specialty Healthcare – have also mailed letters this month to impacted families about the breach, the Star Tribune reports.

All the hospitals use Blackbaud, Inc. for their charitable foundations.

In Minnesota, 160,268 people who received care at Children's Minnesota may have been impacted by the breach, according to records by the federal Office for Civil Rights, making it the second-largest health data breach ever in the state. The largest exposed information about more than 1 million people when Optum360's network server was hacked, the records show.

The Star Tribune says 52,795 patients at Regions Hospital in St. Paul were impacted. The number of people impacted at Allina and Gillette hasn't been shared. 

According to Blackbaud's website, it provides software solutions for faith communities, foundations, K-12 schools, nonprofits and others. Other children's hospitals and health care systems around the country recently informed patients of the breach as well, media reports show.

In total, more than 3 million people across the country were impacted by the breach, the Star Tribune says. 

Children's Minnesota said Blackbaud informed it in July that an "unauthorized individual" accessed its systems between Feb. 7 and May 20 of this year. In doing so, they may have gotten backup copies of a database the foundation uses for fundraising efforts, which had information that includes patient's full names, addresses, phone numbers, ages, dates of birth, genders, medical record numbers, dates of treatment, locations of treatment, names of doctors and health insurance status. 

Social Security Numbers are not part of the information the foundation stores on Blackbaud, so they were not exposed during the incident, Children's Minnesota says. The breach also does not involve "any access to our medical systems or electronic health records."

Blackbaud said in a July news release that it stopped a ransomware attack, but prior to "locking the cybercriminal out, the cybercriminal removed a copy of a subset of data from our self-hosted environment."

"Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused; or will be disseminated or otherwise made available publicly," the release said. 

Children's Minnesota says it takes this incident "very seriously" and it is evaluating its arrangement with Blackbaud and its security safeguards to help prevent something like this from happening again. 

BMTN has reached out to the other hospitals for comment. 

Next Up

mickey moore driver's license shared

Beleaguered Ward 9 city council candidate loses Strib endorsement

Mickey Moore has faced questions in recent days about where he actually lives.

CDC biohazard scientist health work

New clue may explain how rare tropical disease sickened Minnesotan

The disease, known as melioidosis, killed 2 people earlier this year.

Sen Mark Koran crop

MN lawmaker encourages donations for locals charged in Jan. 6 insurrection

"They are a good family!" Sen. Mark Koran wrote Friday.


Money Gal Coaching: Mastering the spiritual parts of money

Kelly Blodgett used her passion behind becoming debt free to launch Money Gal Coaching.

University of minnesota sign

U of M will now require proof that employees have been vaccinated for COVID

Previously, only students were required to be vaccinated.

Jim Hagedorn

Report reveals details about ethics investigation into Rep. Hagedorn

The congressman described the report's findings as "unfounded conclusions."


SkyWest cancels hundreds of flights due to server error

More than 80 have been canceled at MSP Airport.


First elk in more than 100 years spotted in parts of southern WI

The elk population was reintroduced to Wisconsin in recent decades.

grand marais

10 beautiful Minnesota cities to visit for outdoor adventures

These places are perfect for a day trip or a weekend getaway.


Data breach at MN health provider may have left 50,000 patients exposed

Alomere Health in Alexandria informed patients last week.

minneapolis parking meter

Minneapolis parking app experienced data breach in March

No credit card information was accessed in the breach.

Payment information accessed in Delta data breach

Delta says a 3rd party company was breached in the fall.

Dunn brothers

Data breach impacts card users at Dunn Bros., Sebastian Joe's

A Minnesota company that provides point-of-sale services has confirmed a breach.