Rady Children's Hospital is investigating its second data breach in as many years after a software vendor reported that an unauthorized party gained access to files containing personal information of members of its community.
The hospital said that Blackbaud, a company that supplies its fundraising and donor management software, reported the breach occurred between Feb. 7 and June 4, 2020.
Rady Children's did not specify if the breached information belonged to donors or patients, or someone else.
"Although the information may differ for individuals, the incident may have involved the following information: names, addresses, physician, date of admission, department of service, and date of birth. In a minority of instances, procedure name was also involved. Finally, a single financial account number for one individual also was involved," the hospital said.
Blackbaud told Rady Children's there is no indication the information was viewed, and said there is no reason to believe it will be misused or publicized, the hospital said.
Earlier this year, Rady Children's also notified patients to another breach that likely occurred from June 2019 to January 2020 before it was discovered. In the break, more than 2,000 patients may have had their records compromised.
Rady Children’s said it has notified the affected parties and is giving them advice on how to protect their information.
"Any person who receives a letter pertaining to this matter should review the steps outlined in the letter to protect their personal information. These steps may include reviewing account statements, obtaining copies of credit reports, placing fraud alerts on credit reports, and placing security freezes on credit files," the hospital said.
Meanwhile, Blackbaud is working to ensure the affected parties, and their information, are safe. The company has notified the FBI and is also monitoring the dark web for any misuse of the stolen information, according to the hospital.
Anyone with questions can call Rady Children's at 1-877-540-0656, 8 a.m. to 5 p.m.
The FBI warned Americans Wednesday of cyberattacks targeting health care systems, but those campaigns appear to have originated after the breach window given by Blackbaud.