Danville, Pa. – Geisinger has begun notifying some of its patients about a data security incident that occurred at Blackbaud, Inc., a third-party vendor that provides cloud-based data solutions to nonprofits, foundations, and other organizations, including the Geisinger Foundation.
An unauthorized individual gained access to Blackbaud's systems between February 7 and May 20, 2020, and obtained backup copies of various databases used by Blackbaud customers, including the database that manages Geisinger's donor information.
Related reading: Geisinger launches new scam prevention resource
After being notified of the breach by Blackbaud, Geisinger launched an internal investigation to determine the extent of the data involved. Some patient information including names, dates of birth, age, gender, treatment dates, departments of service, treating physicians, and medical record numbers were included in the database.
Fortunately, Social Security numbers, financial account information, and credit card numbers were not contained in the database that was accessed. Geisinger's electronic health records were also unaffected.
Geisinger has established a dedicated call center to answer questions about this incident, which may be reached at (877) 591-0212 Monday through Friday, 9 a.m. to 6:30 p.m., excluding major U.S. holidays. Geisinger recommends that any affected patients review statements received from their medical providers, and to contact the provider immediately if they identify any services they did not receive.
“At Geisinger, we take our patients’ privacy incredibly seriously and we are here to help anyone who may have questions or concerns about this incident,” said Jonathan Friesen, Geisinger’s chief privacy officer. “To help prevent something like this from happening again, we are reviewing what information is stored at Blackbaud and its proposed security enhancements.”