The Summa Foundation was recently notified of a security incident by one of our software vendors, Blackbaud. Below is a summary of what we know about the incident and the actions we have taken to confirm that the incident did not affect our donors.
What happened?
Blackbaud is one of the world’s largest providers of software and data management services related to fundraising for non-profit organizations and universities. Blackbaud experienced a ransomware attack on its infrastructure between February 7, 2020, and May 20, 2020 during which cybercriminals accessed and extracted some of Blackbaud’s client files in order to extort funds from them. Blackbaud ultimately paid the cybercriminal’s demand and received confirmation that the information extracted by the cybercriminals had been destroyed. Upon learning of the incident, The Summa Foundation immediately reviewed the Blackbaud notification and requested additional information to understand the extent of the incident and the data involved.
What information was involved?
According to Blackbaud, publicly available information from the Summa Foundation’s donor databases such as names (including spousal names), addresses, phone numbers, email addresses, dates of birth, and gender may have been accessed during the incident. Blackbaud has advised that the cybercriminals were not able to access any sensitive personal or financial data, such as credit card information, bank information, or Social Security numbers of Summa’s donors.
What we are doing:
The Summa Foundation is continuing to monitor the situation, including Blackbaud’s response and mitigation efforts. Blackbaud has stated that it has implemented several changes to better protect its clients’ information going forward. For additional details about Blackbaud’s response, please visit www.blackbaud.com/securityincident.
What you can do:
While we do not believe this incident resulted in a compromise of your personal or financial data, we would like to take this opportunity to remind you to be vigilant about protecting yourself from fraudulent communications such as phishing emails and phone calls, and that you take steps to prevent unauthorized access to your own data by using strong passwords, never sharing your passwords with anyone, and regularly monitoring your credit reports for signs of identity theft.
Please be assured that we take data protection very seriously and are grateful for your continued support of Summa Health. If you have questions or concerns, please call the Summa Foundation office at 330.375.3159.
