Blackbaud Attack Responsible for Breaches, Advisory from U.S. Treasury

 Friday, October 9, 2020

Eight out of the ten healthcare data breaches reported to the federal government in September were the result of a ransomware attack on fundraising and marketing software vendor Blackbaud. Of the 5.5 million patients whose data was compromised, many of them had given donations to the compromised hospital.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently released an advisory to warn institutions about facing potential sanctions for facilitating ransomware payments and assisting malicious cybercriminals. The advisory also encourages institutions that engage with victims of ransomware attacks to report such attacks and to fully cooperate with law enforcement, as these will be considered significant mitigating factors to possible OFAC sanctions-related violations.