Blackbaud’s Ransomware Breach Leaves Thousands Frustrated
by Rikin Shah
In another week of poor healthcare business associate security news, cloud services vendor Blackbaud has suffered a breach exposing the data of 657,392 donors, potential donors, and patients associated with the Northern Light Health Foundation and Children’s Hospital of Pittsburgh Foundation.
This is just the tip of the iceberg: roughly 125 UK universities and countless donor-backed radio stations have also had their databases compromised.
What is Blackbaud?
Blackbaud is a cloud service CRM platform for educational institutions, non-profits, and healthcare organizations.
According to numerous reports, the intrusion began on February 7th, 2020. The attacker gained entry through a server in Blackbaud’s data center, primarily affecting its ResearchPoint and DonorCentric products, and used that access to lock customers out of their data.
Because the attack exploited a weakness that had not yet been tested for, and because the attacker’s activity mimicked normal user behavior, Blackbaud did not recognize that an intruder was locking out its own customers until a major ransomware attack began on May 14th, 2020. That attack was stopped on May 20th, 2020 with the help of law enforcement and outside forensics teams.
Once the scheme was understood, the team locked the attacker out of the system. By then, however, the attacker had already penetrated Blackbaud’s data servers and made off with a copy of a subset of data from Blackbaud’s self-hosted environment.
To avoid having customer information published publicly or on the dark web, Blackbaud decided that the best course of action was to pay the ransom in exchange for “confirmation that the copy they removed had been destroyed.”
What does this mean?
Unfortunately, paying a ransom provides no guarantee that the stolen data has actually been destroyed. An attacker’s “confirmation” is an unverifiable promise: there is no technical means for the victim to prove that a copy in someone else’s hands no longer exists, and only the attacker truly knows.
In this case, Blackbaud’s customers may never get peace of mind over what happened to the demographic data stored in its databases, which included names, phone numbers, addresses, birthdates, and donation history.
To this day, the case is being investigated with help from the FBI. Additionally, Blackbaud has been hit with a class action lawsuit stemming from the attack.
The larger lesson is an ominous one: even the largest companies have security vulnerabilities. Blackbaud is a publicly traded company with over 40,000 customers in 100 countries.
On the other hand, it could be argued that a company of Blackbaud’s size, serving many different kinds of clients, faces an inherent challenge in maintaining a unified security program across all of them.
Unfortunately, in this case, an attacker was able to take advantage of that weakness and find a way to compromise the internal system.
The Paubox difference
Unlike Blackbaud, Paubox’s platform was designed with HIPAA in mind from the start. This means our databases and internal engineering carry requirements that were baked in specifically to stop this kind of incident before it begins.
In fact, Paubox Email Suite Standard, Plus, and Premium, as well as the Paubox Email API, are HITRUST CSF certified, which means our solutions have met key regulatory and industry-defined requirements for managing security risk.
Because healthcare organizations have a wealth of sensitive data and information, they are a major target for cybercriminals. Unfortunately, many covered entities lack the proper security protocols necessary to protect against well-designed attacks.
To mitigate this, it is more important than ever to partner with companies that understand the risks and work to neutralize them at every step of the way.
Email is the number one threat vector because of the human factor. Email filtering tools can block many malicious messages, but if even one gets through, a single inadvertent click can grant an attacker unauthorized access.
For this reason, Paubox takes a preventive approach. Our emphasis on preventing attacks rather than responding to them is how we stop malicious activity from occurring in the first place.
Our HIPAA compliant email solutions are engineered with “agile functionality” in mind. This means the software we use is nimble and goes through updates on a daily, weekly, and monthly basis.
Many of these updates are purely security-focused. At Paubox, security and defending against ransomware attacks is a constantly evolving process, not a one-time effort.
Choosing a third-party vendor to handle your patient or customer data is an extremely important decision that affects every stakeholder involved.
Choose to work with a vendor that stays fully up to date on all matters of security.
Remaining ignorant of external threats leaves companies and their customers vulnerable, and the consequences can be even worse than those of the Blackbaud incident.