Notice of Third-Party Data Breach

NorthShore University HealthSystem (NorthShore) is reporting that protected health information (PHI) of its patients was involved in a data security breach. NorthShore has sent notification letters to individuals who have been affected by this incident.

On July 22, 2020, NorthShore learned of a data security incident from a company named Blackbaud, a software services provider to 35,000 nonprofit fundraising entities worldwide including NorthShore Foundation. According to Blackbaud, the incident involved a “ransomware” attack on its systems between February 7 and May 20, 2020, during which time unauthorized individuals accessed and extracted some of Blackbaud’s client files.

Upon learning this, NorthShore immediately reviewed the Blackbaud notification and requested additional information to mitigate any effects. Importantly, Blackbaud confirmed that no credit card, bank account information, social security numbers, or user login credentials and passwords were compromised or accessed. However, we determined that some NorthShore PHI was breached including patients’: full name, date of birth, contact information (address, phone number, e-mail address), admission and discharge date(s), NorthShore location(s) of services, and physician name(s) and specialties.

This incident was not a breach of NorthShore’s internal applications or systems; and therefore, no patient medical records were accessed.

In response to this attack, Blackbaud took actions to mitigate the breach, including notifying appropriate law enforcement; successfully locking out the unauthorized users from its system; paying a financial demand in exchange for confirmation that the extracted files were destroyed; hiring a monitoring service to ensure no future use of the data breached; and heightening its security efforts to protect against future cyberattacks.

Based on the data involved, we believe there is low risk of harm to affected individuals. As such, there are no specific actions donors or patients need to take at this time. We are notifying all affected individuals and reminding everyone to regularly monitor personal accounts for any suspicious activity.

NorthShore takes cybersecurity and our role of safeguarding patients’ protected health information very seriously. We continue to respond and adjust to the evolving cyber climate, and also to further identify and develop best practices to protect our donor and patient PHI. We deeply value your relationship and sincerely apologize for this incident. For additional information regarding this incident or to determine if your data was involved, please contact the NorthShore Foundation at: 1-224-364-7200.

Quick Links    |    Make A Gift    |    Save the Date    |     Join Us    |    Contact Us    

Join the conversation       

Policies and Procedures | © 2021 NorthShore University HealthSystem. All Rights Reserved.

1033 University Place, Suite 450
Evanston, IL 60201