Inova Health Systems has notified customers that it was hit by a ransomware attack through a third-party vendor. Blackbaud, a vendor that provides fundraising support to nonprofit organizations, was itself hit by an attack that resulted in Inova data being exfiltrated from the Blackbaud servers.
According to Blackbaud, data was exfiltrated between February 7, 2020, and May 20, 2020. The exfiltration was part of a ransomware attack that did not succeed in encrypting significant data at Blackbaud. Ultimately, though, the company says that it paid a ransom in order to have the exfiltrated data destroyed, which it says was done.
The exfiltrated data included personally identifiable information on patients and donors to Inova, though it did not include Social Security numbers or payment information. Blackbaud says that it has remediated the vulnerability that allowed the attack, and that its data is now safe.
For more, read here.