Ransomware cyber

Saint Luke's Foundation

Feb 7, 2020 1 min read
Saint Luke's Foundation

Saint Luke's Foundation experienced a data breach via a ransomware attack executed by a third-party vendor, Blackbaud, between February 7, 2020, and May 20, 2020. The incident involved unauthorized access to limited patient demographic and guarantor information, though no highly sensitive data—such as credit card details, bank account information, or Social Security numbers—was compromised. The exact number of affected individuals remains undisclosed. The breach was reported by the California Office of the Attorney General on August 20, 2020, highlighting the risks associated with third-party vendor vulnerabilities in healthcare data security. While the attack did not result in financial fraud or identity theft, it exposed personal details, raising concerns over patient privacy and trust in the foundation’s data protection measures.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-193317

TPRM report: https://www.rankiteo.com/company/stlukesfdn

"id": "stl559091725",
"linkid": "stlukesfdn",
"type": "Ransomware",
"date": "2/2020",
"severity": "75",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'California, USA',
                        'name': "Saint Luke's Foundation",
                        'type': 'Non-Profit / Healthcare Foundation'},
                       {'industry': 'Cloud Computing / Software',
                        'name': 'Blackbaud',
                        'type': 'Third-Party Vendor'}],
 'data_breach': {'personally_identifiable_information': ['Demographic data'],
                 'sensitivity_of_data': 'Moderate (no highly sensitive PII '
                                        'like SSNs or financial data)',
                 'type_of_data_compromised': ['Patient demographic information',
                                              'Guarantor information']},
 'date_publicly_disclosed': '2020-08-20',
 'description': 'The California Office of the Attorney General reported that '
                "Saint Luke's Foundation experienced a data breach involving a "
                'ransomware attack by a third-party vendor, Blackbaud. The '
                'breach affected potentially limited patient demographic and '
                'guarantor information but did not involve credit card '
                'information, bank account information, or social security '
                'numbers. The breach occurred between February 7, 2020, and '
                'May 20, 2020.',
 'impact': {'data_compromised': ['Patient demographic information',
                                 'Guarantor information'],
            'identity_theft_risk': 'Low (no SSNs, credit card, or bank account '
                                   'info exposed)',
            'payment_information_risk': 'None'},
 'ransomware': {'data_encryption': 'Likely (ransomware attack)'},
 'references': [{'date_accessed': '2020-08-20',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'threat_actor': 'Blackbaud (Third-Party Vendor)',
 'title': "Saint Luke's Foundation Data Breach via Blackbaud Ransomware Attack",
 'type': 'Data Breach (Ransomware)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.