Blackbaud Data Security Incident Notice
Dear Mount Sinai Community Member,
Mount Sinai Health System is committed to protecting the security and privacy of information we receive from our donors and patients and all individuals who support our fundraising efforts. We wish to inform you of a recent incident that occurred in an offsite data facility owned and managed by Blackbaud, one of our third-party vendors, that may have involved some of your information. Blackbaud provides fundraising software to leading academic and non-profit organizations around the world. Mount Sinai was one of thousands of organizations impacted by this event.
On July 16, 2020, Blackbaud informed us (and many other healthcare, academic, and other nonprofit organizations) that an unauthorized individual had gained access to Blackbaud’s systems between February 7 and May 20, 2020. Blackbaud advised us that the unauthorized individual may have acquired a backup of the database that manages our fund-raising information. Once informed, Mount Sinai took immediately took steps to understand the extent of the incident and the data involved, and performed a risk assessment.
What Information Was Involved?
The unauthorized individual may have had access to a file that contains various information on donors and potential donors. That information may have included your name, age, gender, date of birth, address(es), telephone number(s), email address(es) and Mount Sinai medical record number. If you have not opted out of fundraising activities, the file also may have included a health care provider’s name, the name of the Mount Sinai practice/location, and information about how the Mount Sinai Development Offices have interacted with you, such as events you have attended, comments you have shared regarding your experiences at Mount Sinai, and your contributions to Mount Sinai.
Importantly, Mount Sinai has never provided your Social Security number or any financial or credit card account information to Blackbaud; therefore, this information was not accessed by the unauthorized individual. Also, this incident did not involve any access to Mount Sinai’s medical systems or electronic health records.
What We Are Doing:
To help prevent something like this from happening again, we are meticulously reviewing how our information is stored and protected by Blackbaud and putting additional encryption measures in place to enhance Blackbaud’s protection of Mount Sinai’s data. We value your relationship and regret any concern or inconvenience this incident may have caused you. Should you have questions, please contact firstname.lastname@example.org or (212) 659-8500.
Mark Kostegan, FAHP
Chief Development Officer
Senior Vice President for Development
Mount Sinai Health System