SAYRE, Pa. – Guthrie has begun notifying some of its patients whose data may have been affected by a “cybersecurity incident” involving Blackbaud, an international vendor specializing in philanthropy services for not-for-profits.
Blackbaud informed Guthrie on July 16, 2020 that an unauthorized individual(s) had gained access to Blackbaud’s systems between February 7 and May 20, 2020, and a backup file containing Guthrie information may have been part of the data acquired by the unauthorized persons. Guthrie immediately took steps to understand the extent of the incident and the data involved. Based on a thorough investigation, it is believed that the backup file that was acquired contained information pertaining to some Guthrie patients, including patient name(s), contact information, age, gender, date(s) of treatment, department(s) of service, treating physician(s), and health insurance status.
Importantly, Blackbaud has informed Guthrie that financial and credit card account information were encrypted, and therefore not accessed by the unauthorized individual. Social Security numbers were not in the data shared with Blackbaud. Also, this incident did not involve any access to diagnosis or treatment plans in any Guthrie medical systems or electronic health records.
Guthrie President and CEO, Dr. Joseph Scopelliti said, “Guthrie is committed to protecting the security and privacy of its patients, and all the individuals who support our organization. We take this situation very seriously and to help prevent something like this from happening again, Guthrie is examining its vendor relationship with Blackbaud and evaluating other alternatives.”
If you believe your information may have been involved in the incident, Guthrie recommends that you review the statements you receive from your healthcare providers. If you see services you did not receive, contact the provider immediately.