We’re reaching out to let you know that one of our technology partners, Blackbaud, Inc., recently notified us of a data security event. Blackbaud is a global leader in nonprofit engagement and fundraising technology with more than 25,000 institutional customers around the world, including Sarasota Memorial Healthcare Foundation (“SMHF”). Upon receiving notice of the cyber incident, we immediately commenced an investigation to better understand the nature and scope of the incident and any impact on SMHF data. This investigation involves working diligently to gather further information from Blackbaud and review potentially affected data to understand the scope of the incident.
At this time, Blackbaud has reported the following details about a ransomware incident experienced in May 2020. First, the incident resulted in the encryption of certain Blackbaud systems and did not impact any SMHF computer systems. Blackbaud notified law enforcement of this incident and worked with forensic experts to investigate. Following its investigation, Blackbaud notified its customers that a cybercriminal may have accessed or acquired certain Blackbaud customer data. Blackbaud has reported that data was extracted by the cybercriminal at some point before Blackbaud locked the cybercriminal out of the environment on May 20, 2020. This prompted Blackbaud to pay the cybercriminal’s ransom once they received confirmation that the copied data would be destroyed. It is possible that donor data such as contact and demographic information as well as details of relationships with SMHF — including gift dates and amounts — may have been exposed. Based on the nature of the incident and third-party investigations, including by law enforcement, Blackbaud shared that they have no reason to believe that any data was or will be misused, disseminated or made public.
Upon learning of the Blackbaud incident, SMHF immediately began its own investigation through the engagement of a data privacy and security law firm to determine what, if any, sensitive SMHF data was potentially involved. We are currently seeking further information from Blackbaud and reviewing the data stored by Blackbaud to determine if the information potentially affected may have contained sensitive information of our donors. Should it be determined that this incident impacted the security of your sensitive personal information, we will move quickly to take all appropriate action. Please note that, to date, we have not received any information from Blackbaud that any SMHF donor information was specifically accessed or acquired by the cybercriminal.
The confidentiality, privacy, and security of information in our care are among our highest priorities, and we take this incident very seriously.
We understand that you may have questions about the Blackbaud incident that are not addressed in this email. If you have additional questions, please contact us at (941) 917-1286. Additional details are available on the Blackbaud website.
We sincerely regret any inconvenience or concern this incident has caused.
President, Sarasota Memorial Healthcare Foundation