BUFFALO, N.Y. (WIVB)–Catholic Health and its foundations received notification in mid-July of a cybersecurity breach by a third-party software vendor.
The breach impacted the health system and other non-profit organizations locally and throughout the country.
Officials say the breach, which was part of a potential donor database, included names, medical record numbers, and dates of service for patients who received care in Catholic Health from 2016 through May of this year.
Catholic Health tells us no medical information, social security numbers, addresses, bank account numbers, or credit card information was included in the breach.
Blackbaud, the third-party software vendor, paid the cybercriminal’s ransom and received confirmation that the data was destroyed.
“Out of an abundance of caution, we are sharing this information with our patients and community to increase awareness of this incident for the Western New York region,” Catholic Health wrote.
Kimberly Whistler, Catholic Health Corporate Compliance & Privacy Officer says, “all patients whose names and information were part of this incident will be receiving a letter from Catholic Health in the next few weeks. While we do not believe there is a need for anyone to take action, we recommend all patients remain vigilant and report any suspicious activity or suspected identity theft to the proper authorities.”