DANVILLE, Pa. (WTAJ) — Geisinger has begun notifying some of its patients of a data security incident that occurred at a third-party vendor, Blackbaud, Inc.
Blackbaud provides cloud-based data solutions to the Geisinger Foundation.
Blackbaud notified Geisinger it had discovered an unauthorized individual gained access to Blackbaud’s systems between Feb. 7 and May 20, 2020, and that the individual obtained backup copies of databases used by Blackbaud customers, including the database that manages Geisinger’s donor information.
Geisinger immediately launched an internal investigation to understand the extent of the data involved, and on Aug. 17, 2020, determined that the database contained some patient information, including names, dates of birth, age, gender, dates of treatment, departments of service, treating physicians, and/or medical record numbers.
Importantly, officials say, Social Security numbers, financial accounts, and credit card numbers were not contained in the database and were not involved in the incident. Also, this incident did not involve any access to Geisinger’s electronic health records.
Geisinger has established a dedicated call center to answer any questions about this incident, which can be reached at 877-591-0212 Monday through Friday, 9 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays.
Geisinger recommends that any affected patients review statements received from their medical providers, and to contact the provider immediately if they identify any services they did not receive.
“At Geisinger, we take our patients’ privacy incredibly seriously and we are here to help anyone who may have questions or concerns about this incident,” said Jonathan Friesen, Geisinger’s chief privacy officer. “To help prevent something like this from happening again, we are reviewing what information is stored at Blackbaud and its proposed security enhancements.”