OSF HealthCare Systems has mailed letters to its patients advising them of a security breach at one of its vendors.
The incident occurred at Blackbaud, provider of cloud-based and data solution services, and involved an unauthorized individual who gained access to Blackbaud’s systems between Feb. 7 and May 20, according to the company.
OSF HealthCare Systems, through OSF Home Care Services, operates eight home health agencies, eight hospice agencies, home infusion pharmacy and home medical equipment offerings.
This individual at Blackbaud may have acquired backup copies of databases used by its customers, including a backup of the database OSF uses for fundraising efforts, OSF said. After being notified of the incident, the organization took steps to evaluate the extent of the incident and the data involved.
An OSF investigation and review of the Blackbaud database involved in the incident determined that it contained some patient information, including names, addresses, phone numbers, email addresses, dates of birth, treatment facilities, treating physicians, departments of service, room numbers and/or medical record numbers.
Blackbaud advised that Social Security numbers, financial account and credit card information were encrypted and inaccessible by the individual and that the incident did not involve any access to OSF’s medical systems or electronic health records.
To help prevent something like this from happening again, OSF said it is assessing the security safeguards at Blackbaud and evaluating the data elements stored on the Blackbaud systems. OSF also has established a dedicated call center to answer any questions about the incident.
A spokesperson for OSF told the McKnight’s Home Care Daily that the company had no further comment.
