I wanted to advise you that we have recently learned that Blackbaud, our third-party provider of donor management software, was targeted with ransomware. This affected the Health Sciences Centre Foundation, other Manitoba charities, and many other non-profit organizations around the world.
Allow me to explain what happened.
Broadly speaking, “ransomware” is used by cybercriminals to extract money from individuals and organizations by threatening to expose personal data. Blackbaud, a recognized global leader in software services to the charitable sector, was a target of a recent attack.
As part of the ransomware attack on Blackbaud, the cybercriminal did access certain data that they maintain. What the cybercriminal could possibly see was names, addresses, phone numbers, birth dates, and gift amounts. In May of 2020, Blackbaud discovered and stopped the attack. We learned of this event on July 16, 2020 and have been following up on the matter since that time.
However, it is important to note that Blackbaud has advised that the data visible to the cybercriminal did not include any of our donors’ banking information, credit card numbers, usernames, passwords, or social insurance/social security numbers. This information is encrypted and safe.
Blackbaud customers around the world were affected by this breach. Blackbaud has paid the ransom and it has confirmed that the data that was obtained by the cybercriminal was destroyed. The additional review and research of the incident by Blackbaud and third-party investigators (including law enforcement) shows no evidence that the data was misused or otherwise made available publicly. However, in order to further mitigate risks, Blackbaud has hired a forensic firm to monitor the internet for any signs of the breached data.
To be clear, the cybercriminal did not hack the HSC Foundation’s systems. This was an attack on Blackbaud.
We are confident that Blackbaud has dealt with this incident effectively. However, we will continue to work with Blackbaud to ensure that it is doing all that is possible to put further security measures in place and to help prevent such occurrences in the future.
Your privacy and the integrity of our relationship with you are of the highest importance. As a precautionary measure, we encourage all of our donors to continue to monitor their email accounts for any unusual activity moving forward. In particular, please:
- Review all emails from the Health Sciences Centre Foundation to ensure they are from an authentic web domain (@hscfoundation.mb.ca).
- If you receive an inauthentic email, please do not click on any hyperlinks in the email.
- If you receive a request for personal or confidential information from the Health Sciences Centre Foundation, please ensure that it is a legitimate request from us before providing that information.
I thank you for your ongoing support and confidence.
If you have any questions about this incident, please email firstname.lastname@example.org, or call 204-515-5612, or 1-800-679-8493 (toll free) and ask to speak with myself, Jonathon Lyon, President and Chief Executive Officer of the HSC Foundation.