Oct. 29, 2020
Rady Children’s recently learned of an incident that one of our third-party service providers, Blackbaud, experienced, which involved information about members of the Rady Children’s Hospital-San Diego community. Blackbaud is a company that supplies fundraising and donor management software to Rady Children’s. Upon learning of the incident, we immediately launched an investigation to determine what happened and whether any personal information was impacted. According to Blackbaud, between Feb. 7, 2020 and June 4, 2020, an unauthorized party had access to backup files for the Blackbaud fundraising software. We also retained outside cybersecurity experts, including a vendor to review the data at issue. On Oct. 7, 2020, we determined that personal information for members of our community was contained in the backup files. Although the information may differ for individuals, the incident may have involved the following information: names, addresses, physician, date of admission, department of service, and date of birth. In a minority of instances, procedure name was also involved. Finally, a single financial account number for one individual also was involved. Blackbaud has informed us that it has no indication that any of the information actually was viewed, and that it has no reason to believe that any of this information has been or will be misused, or will otherwise be made available publicly. Rady Children’s nonetheless has notified the affected individuals of the incident and provided them with steps they can take to protect their personal information.
We have confirmed that Blackbaud is taking steps to ensure that the information at issue was not being misused, and that it was taking steps to further protect the personal information going forward. Blackbaud has represented that they are monitoring the dark web for any exchange of personal information related to this incident, but have found no indication that the information is available on the dark web. Blackbaud also stated that they have reported the incident to the FBI. We will provide the FBI and law enforcement whatever assistance is needed.
Any person who receives a letter pertaining to this matter should review the steps outlined in the letter to protect their personal information. These steps may include reviewing account statements, obtaining copies of credit reports, placing fraud alerts on credit reports, and placing security freezes on credit files. Any person who has questions about the incident may call our toll-free number at: 1-877-540-0656, 8:00 a.m. to 5:00 p.m., Pacific Time.
Ben Metcalf (858) 966-8579