OSF HealthCare System (“OSF”) is mailing letters to its patients advising them of the Blackbaud ransomware incident that has already impacted more than 10 million other patients.
OSF’s statement doesn’t reveal when Blackbaud first notified them, but they report that
On August 20, 2020, OSF’s investigation and review of the Blackbaud database involved in the incident determined that it contained some patient information, including names, addresses, phone numbers, email addresses, dates of birth, treatment facilities, treating physicians, departments of service, room numbers and/or medical record numbers.
OSF HealthCare is a not-for-profit Catholic health care organization that operates a medical group, hospital system, and other health care facilities in Illinois and Michigan. Headquartered in Peoria, Illinois, OSF HealthCare is owned and operated by the Sisters of the Third Order of St. Francis. From their self-description: OSF HealthCare employs more than 23,600 Mission Partners in 147 locations, including 14 hospitals – 10 acute care, four critical access – with 2,097 licensed beds, and two colleges of nursing throughout Illinois and Michigan.
The health system’s notice did not reveal how many patients are being notified, but this will almost certainly be listed on HHS’s public breach tool in the near future.