ELLSWORTH — Officials at Northern Light Health are seeking to reassure residents after databases containing information about donors, potential donors, fundraiser participants and some patients were potentially accessed by hackers.
The affected databases were affiliated with the Northern Light Health Foundation, a separate entity that raises funds for the hospital group. Its most recent available 990 forms show a total of $87,901,252 in assets and $11,182,812 in total revenue in 2017-18. The information was hosted by Blackbaud, a Charleston, S.C.-based security firm.
The electronic health records are maintained separately from the foundation, the company wrote in a press release. Staff will reach out by mail to anyone whose personal information was accessed as a result of this incident.
Blackbaud first became aware of the hack in May but first reported it publicly in mid-July. The Northern Light Health Foundation was informed on July 16.
“The cybercriminal did not access credit card information, bank account information or Social Security numbers,” the company wrote in a press release. “Because protecting our customers’ data is our top priority, we paid the cybercriminal’s demand with confirmation that the copy they removed had been destroyed. Based on the nature of the incident, our research and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused or will be disseminated or otherwise made available publicly.”
A range of nonprofits have been affected by the breach, from the Roman Catholic Diocese of Portland to Planned Parenthood of Northern New England, according to their websites, as well as Cheverus High School in Portland, Bowdoin College in Brunswick, the Good Shepherd Food Bank in Auburn, The Jackson Laboratory in Bar Harbor and the Coastal Maine Botanical Gardens in Boothbay.
Mike Smith, president of the Northern Light Health Foundation, said in a statement that “We greatly value the trust our patients, donors, and community partners place in us. We know that learning about a security breach can be unsettling, and we’re committed to investigating this incident thoroughly with Blackbaud and ensuring that our fundraising data will continue to be fully protected. We will provide more information to those who were affected as soon as we better understand what happened.”