On Thursday, July 16, 2020, Northwest Kidney Centers was notified by Blackbaud, Inc., one of its third-party vendors, that it experienced a cyber security incident that impacted our donor database and may have contained some of our donors’ personal information.
We are mailing letters to the individual donors involved. Whether you receive a letter or not, if you have questions, please contact us using the information at the end of this post.
Blackbaud reported that it experienced a ransomware incident that resulted in a breach of information. The event was contained on May 20, 2020. Blackbaud has partnered with its Cyber Security team, independent forensics experts and law enforcement to address this breach and ensure the safety of systems going forward.
Type of information involved
Blackbaud has stated that credit card information and banking information were not accessed by the cybercriminal and it remains encrypted. However, Blackbaud determined that the information removed and presumably destroyed may have included: Northwest Kidney Centers donors’ name, full date birth, and—for donors whose record includes it—information about treatment, health conditions and/or medications as related to the donor’s relationship with Northwest Kidney Centers. Note: Northwest Kidney Centers’ electronic medical record was not involved in the cyberattack. Blackbaud does not believe any data was shared beyond the cybercriminal or will be disseminated or otherwise made available publicly.
What Blackbaud is doing
As part of ongoing efforts, Blackbaud has implemented several changes that we believe will protect our donors’ data from any subsequent incidents.
“Blackbaud has assured Northwest Kidney Centers that no credit card, bank account or other information of that nature was compromised. However, as a best practice, we recommend donors remain vigilant by reviewing their account statements, credit reports and explanations of benefits closely and report any suspicious activities.”
Steps Northwest Kidney Centers is taking
Upon receiving notice of the cyber incident, we immediately launched our own investigation to better understand the incident’s nature, scope and impact on its data. Please note that to date we have not received any information from Blackbaud that donor information was specifically accessed or acquired as a result of the cyberattack.
The confidentiality, privacy and security of information in Northwest Kidney Centers’ care is among our highest priorities. We take this incident very seriously. As part of our ongoing commitment to the security of donor information, we are reviewing our existing policies and procedures regarding third-party vendors and working with Blackbaud to evaluate additional measures and safeguards to protect against this type of incident in the future.
What Northwest Kidney Centers donors can do
Again, Blackbaud has assured us that no credit card, bank account or other information of that nature was compromised. However, as a best practice, we recommend donors remain vigilant by reviewing their account statements, credit reports and explanations of benefits closely and report any suspicious activities.
- Donors can obtain a free copy of their credit report from each of the three major credit reporting agencies (Experian, TransUnion and Equifax) once every 12 months by visiting www.annualcreditreport.com, calling toll-free 877-322-8228 or completing an Annual Credit Report Request form and mailing it to Annual Credit Report Request Service, PO Box 105281, Atlanta, GA 30348.
- If donors detect any suspicious activity, they should promptly notify the financial institution or company where the account is maintained. Also, donors should report any fraudulent activity or suspected incidence of identity theft to law enforcement authorities, their state attorney general and/or the Federal Trade Commission.
- To file a complaint with the FTC, donors can go to www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338). The Federal Trade Commission offers tips on how to avoid identity theft. For more information, donors can visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (877-438-4338).
- Donors have the right to place a “security freeze” or an initial or extended “fraud alert” on their credit report. Pursuant to federal law, donors cannot be charged to place or lift a security freeze on their credit report. Should donors wish to place a security freeze or fraud alert on their credit, they should contact the major consumer reporting agencies listed below:
|PO Box 9554||PO Box 2000||PO Box 105788|
|Allen, TX 75013||Chester, PA 19016||Atlanta, GA 30348-5788|
Our commitment to donors
Northwest Kidney Centers deeply regrets that this incident occurred. While data breaches and ransomware attacks are becoming more common, this is not something we ever want to happen to our valued supporters.
We sincerely apologize for any inconvenience this incident may cause. If you have any questions or concerns regarding this matter, do not hesitate to contact Northwest Kidney Centers at firstname.lastname@example.org, 1-800-338-7687 (M-F, 8:30 a.m. – 5 p.m.) or by U.S. Mail to Northwest Kidney Centers, Attn: Alan Brandon, 700 Broadway, Seattle WA 98122.