Patient Sues Rady Children’s Hospital Over Blackbaud Data Breach

Patient Sues Rady Children’s Hospital Over Blackbaud Data Breach

Posted January 26, 2021

Patient Sues Rady Children’s Hospital Over Blackbaud Data Breach

  • Rady Children’s Hospital in San Diego is being sued by a guardian of a patient whose information was compromised during last year’s hack of Blackbaud, its vendor.
  • The Blackbaud incident was the largest healthcare data breach of 2020. The incident first came to light in August, when Northern Light Health Foundation reported the data of 657,392 of its patients and donors were compromised by a ransomware attack on its vendor, Blackbaud.
  • According to the filing, the Rady Children’s data compromised by the Blackbaud incident included patient names, addresses, dates of birth, the names of patients’ physicians, and the hospital department visited by the patients.
  • Blackbaud is currently facing more than 20 lawsuits after the incident, which impacted more than 10 million patients from over 100 entities from a range of sectors, among several dozen healthcare organizations.
  • The lawsuit filed against Rady Children’s alleges the provider violated the state’s consumer privacy protection and medical information laws.
  • The lawsuit claims the stolen data was copied multiple times by unauthorized users, and not destroyed, with an increased likelihood the data will be sold or misused at a later data.
  • Arguably, data does support this claim: exfiltration has drastically increased in recent months and many of these extortion groups falsify the “proofs” that the stolen data was deleted.

– Jessica Davis | January 26, 2021