The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

MultiCare donors, patients among victims in international ransomware attack

MultiCare Deaconess Hospital in Spokane is seen in this August 2020 photo.  (DAN PELLE/THE SPOKESMAN-REVIEW)

MultiCare Health System is warning tens of thousands of its patients and donors that their personal information may have been compromised in a cyber attack against its online fundraising partner earlier this year.

The Tacoma-based health care provider is sending notifications to more than 126,000 donors to its charitable foundation and more than 176,000 patients that their information may have been acquired during a ransomware attack on Blackbaud, a South Carolina-based firm MultiCare has used for years for fundraising and engagement.

The information received by the cyber thieves did not include Social Security numbers or information on bank or credit card accounts, according to statements by both MultiCare and Blackbaud. MultiCare believes that, for donors to both the health care provider’s foundation and the Carol Milgard Breast Center in Tacoma, thieves may have had access to the person’s name, address, telephone number and email address. For patients, the information may have included demographics, date and department of service and provider name.

Ransomware attacks, part of an increase in cyber criminal activity that federal law enforcement agencies have been warning about, involve a thief taking control of a computer system and then demanding the payment of a ransom in order to regain control. Blackbaud, in a statement released in July, indicated that it had paid the ransom and received confirmation that the stolen data was deleted.

“Their motivation was to disrupt our business by encrypting customer files in our datacenters, which we were able to prevent,” the company said in an emailed statement in response to questions sent Wednesday. “We have hired a third-party team of experts to monitor the dark web as an extra precautionary measure.”

The company would not say if any additional firms in the Inland Northwest were affected by the data breach, citing a desire to “respect the privacy of our customers.” But some 25,000 nonprofits are believed to have been affected, including the women’s health care provider Planned Parenthood.

Planned Parenthood of Greater Washington and North Idaho was notified earlier this year that the names and birthdays of 281 potential donors, included on a list that was six years old, were part of the information stolen by hackers, said Paul Dillon, vice president of public affairs for Planned Parenthood. The list did not include any financial information, and those affected have been notified, Dillon said.

MultiCare is encouraging those who receive notifications to keep an eye on their financial accounts, though there is no evidence to suggest financial information was obtained by the hackers. Those with questions may call MultiCare’s Privacy Office at (800) 920-1477.

The FBI encourages computer users to be proactive to defend against ransomware attacks, including updating software to the latest version and verifying the authenticity of email attachments before opening, said Christian Parker, the FBI’s supervisory special agent in Spokane.

If data is stolen, the FBI discourages victims from paying the ransom, per guidance issued by multiple federal agencies. Paying a ransom may prompt the thieves to ask for more money. There’s no guarantee the data will be released, and paying may encourage future criminal behavior, according to the guidance.