LEXINGTON, Ky. — A company that provided UK HealthCare with data solution services related to donors and philanthropy between 2015 and 2019 has notified the provider it had a data breach affecting some of its clients information not including medical records themselves.
UK HealthCare announced Tuesday it will begin notifying about 163,000 donors and patients about a security incident experienced by a third-party vendor called Blackbaud.
Blackbaud notified UK HealthCare on July 16, 2020 , that some data was acquired by an unauthorized individual between Feb. 7, 2020, and May 20, 2020. After being notified, UK HealthCare took steps to understand the extent of the incident and the data involved. Data may have included first and last name, address, date of birth, medical record number, admission date, attending physician and area of service for care.
This incident did not involve access to any medical records, only the listed elements above. No credit card information, bank account information or social security numbers were provided by UK HealthCare to Blackbaud and therefore the cybercriminals had no access to this information.
Blackbaud’s data security incident has affected more than 25,000 nonprofit organizations worldwide including libraries, arts foundations, higher education and health care organizations that use Blackbaud’s products.
“Protecting the security of information belonging to our donors, patients and any individuals whose information is entrusted to us is of the utmost importance,” said Richard Chapman, UK HealthCare chief privacy officer. “Our health system has strict policies and procedures in place to protect patient information, and we are currently undertaking additional steps to reinforce those measures.”
UK HealthCare recommends affected patients review statements they receive from their health care providers. If they see services they did not receive, they should contact the provider immediately.
For more information or questions about the incident, call (866) 968-0161.