Long Island’s only tertiary care center and Regional Trauma Center has issued a warning to patients that their personal data may have been exposed as a result of a ransomware attack.
Stony Brook University Hospital has contacted patients by letter to notify them of a possible data breach following an attack on the hospital’s third-party vendor Blackbaud in May 2020.
Blackbaud is a communications and fundraising software provider for nonprofits, universities, healthcare organizations, foundations, and other entities worldwide.
Stony Brook was notified by Blackbaud on July 17 that “patient information may have been involved in a security incident on Blackbaud’s systems.”
Hospital patients have been warned that data that was on the Blackbaud systems affected by the cyber-attack may have included their name, date of birth, address, contact information, attending doctor, insurance provider, and medical service department.
“Stony Brook did not provide your Social Security number, bank account information or credit card number to Blackbaud, and so these types of information were not in Stony Brook’s files on the potentially affected systems,” the hospital told patients in a notification uploaded to its website.
Blackbaud assured the hospital that data stolen in the attack was destroyed and not used, sold, or distributed.
The healthcare provider said: “Based on statements from Blackbaud, we have no reason to believe that the information involved in this incident has been misused.”
The 624-bed hospital emphasized that the attack on Blackbaud did not involve access to any Stony Brook systems, including medical systems or electronic health records.
Stony Brook said that it will individually notify “potentially impacted patients for whom it has a valid mailing address.” It did not say how it intended to contact patients who did not have a valid mailing address.
Patients have been advised to regularly monitor any statements that they receive from their health plans or healthcare providers and check for any unfamiliar healthcare services.
Stony Brook said: “We are evaluating additional security measures and continue to conduct appropriate oversight of our vendors to help ensure this does not happen in the future.”