Texas Children's Hospital says some donor information involved in ransomware attack

KTRK logo
Tuesday, September 15, 2020
Texas Children's info involved in ransomware attack
A ransomware attack involving Texas Children's Hospital has been revealed. The video breaks down what happened.

HOUSTON, Texas (KTRK) -- Texas Children's Hospital said some patients' information may have been exposed after a ransomware attack earlier this year involving a vendor's database.

The hospital said Blackbaud, the company that hosts its fundraising database, was the victim of a ransomware attack. Blackbaud notified Texas Children's of the issue on July 16.

The attack involved unauthorized access to Blackbaud's system between Feb. 7 and March 20.

Before the systems were secured, the hospital said the attackers "removed a copy of a subset of data relating to many Blackbaud customers, including a backup of the hospital's donor database." The attackers then demanded a ransom, which Blackbaud paid, in return for destroying the information they had stolen.

According to the hospital, Blackbaud confirmed the copy was destroyed and immediately took steps to stop the attack and secure their systems.

Texas Children's said Blackbaud does not have evidence or reason to believe the attackers maintained a copy of the hospital's database or publicly released any data.

What did Texas Children's do after the breach?

The hospital said that when it learned about the breach, it started an investigation. It found that certain free text fields in the database may have contained certain patients' names, dates of birth, department(s) of service, treating physician, and/or limited clinical information.

The incident did not affect all patient information. It was limited to certain fields in the Texas Children's fundraising database. The attack did not involve access to medical systems, electronic health records or financial records.

No patients' Social Security numbers or financial information were involved, the hospital said.

How do I know if I was affected?

Texas Children's said it mailed letters to those patients whose information was contained in the Blackbaud database on Monday.

It recommended that patients review the statements they receive from health care providers, as well as contact providers if they see services they did not receive.

What if I have questions?

A dedicated call center to answer questions regarding the incident has also been set up. You can call 1-888-604-0161, Monday through Friday, 8 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays.

What is Texas Children's Hospital going to do next?

The hospital said it is taking steps to reduce the risk of an incident like this happening again and to protect Texas Children's information.

Its information technology team is now reviewing Blackbaud's security enhancements.

"We are also reviewing our policies, procedures and systems to enhance the security of information contained in our database," the hospital wrote in a statement on the matter.

Texas Children's said it was one of thousands of hospitals, health care systems and other nonprofit organizations affected by the breach.

You can read the full announcement about the ransomware attack on the Texas Children's Hospital website.