Inova Health System is among a dozen health systems affected by a ransomware attack at a third-party software vendor.
The Falls Church, Virginia-based health system is notifying more than 1 million patients and donors that their personal data may have been compromised by the cyber attack.
Blackbaud, a third-party service vendor used for fundraising and alumni or donor engagement efforts at non-profits and universities, said cyber attackers intermittently removed data from Blackbaud’s systems between February 7, 2020 and May 20, 2020.
While Blackbaud prevented the cybercriminals from blocking its system access and fully encrypting its files, the attackers were successful in removing a copy of a subset of data from the vendor’s self-hosted environment, the company said in a statement posted to its website.
The software company said it paid a ransom so that the attackers would destroy their backup file of stolen information.
The attackers did not access credit card information, bank account information, or Social Security numbers, according to Blackbaud.
Inova said it learned of the incident in July.
“This was a