Unedited Press Release:
September 14, 2020
Contact: Gary Mans
USA Health Addresses Blackbaud Data Security Incident
University of South Alabama Health (“USA Health”) announced today that it is mailing letters to some of its patients advising them of a data security incident that occurred at one of its vendors, Blackbaud, Inc. (“Blackbaud”). Blackbaud is a third-party vendor that provides USA Health with data solution services relating to USA Health’s relationship management system, which is used for fundraising-related communications and activities.
On July 16, 2020, Blackbaud informed USA Health it had discovered that an unauthorized individual had gained access to Blackbaud’s systems between February 7 and May 20, 2020. Blackbaud advised that the unauthorized individual may have acquired backup copies of databases used by Blackbaud’s customers, including a backup of the database containing USA Health’s information. Upon learning about this incident, USA Health immediately took steps to understand the extent of the incident and the data involved.
Based on USA Health’s review of the affected database, USA Health has reason to believe that it may have contained patient names, addresses, phone numbers, email addresses, dates of birth, gender, health insurer names, facility locations, dates of service, attending physician names, nursing stations/clinics, and/or the names, contact information and employers for insurance guarantors.
Importantly, USA Health did not use the Blackbaud database to store Social Security numbers or any financial or credit card information, and therefore that information was not involved in the incident. Also, this incident did not involve any access to USA Health medical systems or electronic health records.
USA Health has established a dedicated call center to answer any questions about this incident, at (888) 977-0619, Monday through Friday, 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays. At this time, there is no evidence of misuse of the information involved in this event. However, for any affected patients, USA Health recommends that they review the statements they receive from their healthcare providers. If they see services they did not receive, they should contact the provider immediately.
USA Health takes this matter very seriously and regrets any concern this incident may cause. To prevent something like this from happening again, USA Health has discontinued sending data to Blackbaud until USA Health is provided with written assurances that Blackbaud is adhering to appropriate administrative, physical and technical data safeguards.
- Here’s when you can see the ‘Christmas Star’ for the first time in 800 years
- Teacher wins 2-year, rent-free lease in Kansas City luxury apartment
- US adds 245,000 jobs as virus threatens the economy’s slow comeback
- Trooper-shooting suspect killed in NY shootout with US marshals
- Texas high school football player attacks referee