Blackbaud data security incident

We value the trust placed in us at Regions Hospital. We recently learned about a data security incident that involved some of our patients’ information. In addition to notifying affected patients by letter, we are also posting this notification to our website. The information below explains what happened, what it means for those affected, and how you can find answers to any questions you might have.

Blackbaud is a third-party service provider that hosts our foundation database. It notified us in mid-July that it had discovered and stopped a ransomware attack. Blackbaud’s fundraising and database services are used by thousands of organizations around the world, including universities, social service nonprofits, health care systems and charitable and philanthropic organizations of all kinds.

We have mailed letters to patients whose information may have been involved.

A very limited amount of information may have been involved.

This information did include:

• Names
• Addresses

This information may have included:

• Dates of birth
• Dates we cared for patients
• The names of doctors who admitted or treated patients
• Departments visited

This information did not include:

• Credit card information
• Bank account information
• Social security numbers
• Any additional medical information, such as diagnosis or treatment plan

Based on the nature of the incident, its internal research and a law enforcement investigation, Blackbaud has said they have no reason to believe the information was or will be misused. A full description of the incident is available on the Blackbaud website at www.blackbaud.com/securityincident .

As a nonprofit organization, we rely on support from Regions Hospital Foundation to help fund the health care services, treatment and research that enables us to provide outstanding care to our patients. Often, people choose to make a donation to our foundation after they or a loved one has a positive experience with us. We track a limited amount of information in the Blackbaud database so we’re able to identify which doctor or department someone has interacted with in case they’d like to direct their gift to a specific program. Programs like this are common among health care foundations, and this information is collected to serve that purpose.

Protecting your information is something we take very seriously. Since learning of this incident, we have been working with Blackbaud to understand the scope of the ransomware attack and the steps it is taking to prevent future data security incidents. Our security experts have evaluated Blackbaud’s security protocols and feel confident it has taken the appropriate action to further protect the information entrusted to it.

We regret that this happened and apologize for any inconvenience it might cause. We encourage affected patients to continue practicing the usual caution around suspicious communication and promptly report any suspected identity theft or other suspicious activity to the proper law enforcement authorities.

While we do not believe that this incident puts patients at risk for identity or financial theft, as a precautionary measure, we are offering affected patients one year of free credit monitoring and identity protection services. Information on how to activate that was included in the letter affected patients received. In order to receive the monitoring services, patients must enroll within 90 days from the date of the letter.

Please call 855-907-2148 if you have questions or would like to talk with us more.

Thank you for entrusting Regions Hospital with your care, and for helping us make a positive impact on the health and well-being of our patients and community.