L+M hospital donor information hacked in ransomware attack
New London — Lawrence + Memorial Hospital has reported a ransomware attack involving a company the hospital uses for donor communications and engagement.
The hospital announced the data breach in an emailed statement Wednesday and said that demographic information of donors — including their names, addresses, phone numbers, dates of birth and philanthropic history — were included in the breach.
Some donors also may have had their financial information hacked, while others may have had the names of their doctors or dates of service at the hospital exposed.
The cyberattackers never had access to medical records, the statement said.
In the ransomware attack, an unauthorized party removed information from Blackbaud's software, affecting many of the company's 35,000 worldwide clients. The attacker demanded a payment from Blackbaud, which the company paid.
Blackbaud told L+M that after it made the payment, it was assured the data were destroyed and that the information stolen was not disseminated anywhere. But the hospital said it has not been able to independently confirm that claim.
The attack happened sometime between Feb. 7 and March 20 and L+M was notified of the breach on Aug. 14, the statement said.
The hospital said that the Yale New Haven Health System immediately started an extensive investigation to figure out what information was exposed and who was affected. Those affected will receive a letter in the mail and will be offered a free credit monitoring service.
Yale New Haven Health is investigating and L+M will review its relationship with Blackbaud, the statement said.
Donors to Otis Library in Norwich also were affected in the ransomware attack at Blackbaud, the library disclosed last month.
Anyone with concerns about the breach is asked to call (888) 479-3575 or visit blackbaud.com/securityincident for more information.
Comment threads are monitored for 48 hours after publication and then closed.