It doesn’t have to be your agency directly that suffers a ransomware attack, to have to break bad privacy news. A New England hospice is learning that lesson the hard way. The vendor that maintains the donor database for VNA & Hospice of the Southwest Region in Vermont experienced a ransomware attack and data breach in May and just notified the agency in July, the VNA wrote in an August letter to supporters. Donors’ names, mailing addresses, email addresses, phone numbers, birthdays and information “such as donation dates and amounts might have been exposed,” according to the letter, reported the Bennington Banner newspaper. The good news was no financial information was breached.
Although the vendor, Blackbaud, stopped the attack, the criminal was able to download a subset of data first, so Blackbaud paid the ransom demand, it explains at www.blackbaud.com/securityincident.