EVANSTON, Ill. (CBS) — The personal information of more than 340,000 people compromised in a data breach.
As CBS 2’s Vi Nguyen reported Wednesday, it was potentially exposed after a vendor working with NorthShore University Health System was targeted in a ransomware attack.
Cybercriminals got a hold of personal information of possible donors, doctors, employees and even patients. NorthShore University Health System said it took immediate action after learning about a breach involving one of its vendors.
Blackbaud provided software services to the North Shore Foundation when it was hacked earlier this year, between February 7 and and May 20.
NorthShore said it wasn’t notified of the breach until the end of July. At one point, cyber criminals had possible access to personal information of 348,000 people.
The list includes possible donors, doctors and patients. Their full names, date of birth, contact information, including addresses, phone numbers and email addresses were possibly exposed. Even when they were admitted and released from the hospital.
So what about the personal medical records of patients?
North Shore said in a statement no patient medical records were accessed and that cyber criminals did not get ahold of credit card, bank account and Social Security numbers.
NorthShore is asking those impacted by this breach to monitor their accounts for any suspicious activity. Meanwhile, Northwestern Memorial Healthcare used the same vendor so it was impacted by the breach.
In that case, there are reports of nearly 56,000 people had their information possibly exposed.
NorthShore released a statement to CBS 2 with the following:
“We take cybersecurity and our role of safeguarding patients’ protected health information very seriously. This incident was not a breach of NorthShore’s internal systems—no patient medical records were accessed. Upon receiving the breach notice from Blackbaud, an outside vendor that provides software services to our Foundation, we immediately reviewed and requested additional information to mitigate any effects.
“Blackbaud confirmed that no credit card, bank account information, social security numbers, or user login credentials and passwords were compromised or accessed. Based on the data involved, there is low risk of harm to affected individuals.
“We are notifying all impacted individuals and reminding everyone to regularly monitor personal accounts for any suspicious activity.”