Notice to Our Patients of a Privacy Incident
University of South Alabama Health (“USA Health”) is committed to protecting the security and privacy of our patients. Regrettably, we recently learned of an incident that occurred at one of our vendors, Blackbaud, Inc. (“Blackbaud”), that may have involved some USA Health data.
Blackbaud is a vendor that provides USA Health with data solution services related to our relationship management system, which we use to communicate with USA Health constituents and friends - as well as current and future donors - to advance our mission. On July 16, 2020, Blackbaud informed USA Health it had discovered that an unauthorized individual had gained access to Blackbaud’s systems between February 7 and May 20, 2020. Blackbaud advised that the unauthorized individual may have acquired backup copies of databases used by Blackbaud’s customers, including a backup of the database that contains our information. Upon learning about the incident, we immediately took steps to understand the extent of the incident and the data involved.
Based on our review of the affected database, we have reason to believe that it may have contained some patient information, including patient names, addresses, phone numbers, email addresses, dates of birth, gender, health insurer names, facility locations, dates of service, attending physician names, nursing stations/clinics, and/or the names, contact information and employers for insurance guarantors.
Importantly, USA Health did not use the Blackbaud database to store Social Security numbers or any financial or credit card information, and therefore that information was not involved in the incident. Also, this incident did not involve any access to USA Health medical systems or electronic health records.
We want our patients to know that we are taking this matter very seriously. We mailed letters regarding the incident to those whose information was contained in the Blackbaud database on September 14, 2020. We have also established a dedicated call center to answer any questions about this incident, which may be contacted at (888) 977-0619, Monday through Friday, 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays.
At this time, there is no evidence of misuse of the information involved in this event. However, for any affected patients, we recommend that they review the statements they receive from their healthcare providers. If they see services they did not receive, please contact the provider immediately. To prevent something like this from happening again, we have discontinued sending data to Blackbaud until we are provided with written assurances that they are adhering to appropriate administrative, physical and technical data safeguards.
We are sorry for any concern that this incident may cause and are most grateful for the support of our constituents.