GRAND JUNCTION, Colo.- St. Mary’s Hospital, part of SCL Health, may have had personal information of patients exposed after someone hacked a system used by SCL health to store information on patients.
The system, called Blackbaud, is used by SCL Health and thousands of schools, non-profits, and hospitals across the country.
According to a statement released by St. Mary’s Hospital, Blackbaud is a cloud-based software company that provides customer relationship management and financial services tools.
St. Mary’s statement adds this security breach may have compromised some information of SCL Health patients such as names, birth dates, address, contact details, and hospital location.
On July 16, SCL Health was notified by Blackbaud of this incident.
SCL Health sent out letters to all patients whose information may have been compromised in the breach. One of the letters obtained by KREX 5/Fox 4 says the hack occured between February 7, 2020, and May 20, 2020.
A local spokesperson for SCL Health tells KREX 5/Fox 4 encrypted information like social security numbers, bank account information, and credit card information stored in Blackbaud was not accessible because that information is encrypted. In other words, that information was not compromised by the hacker.
The letters sent out by SCL Health along with a statement from St. Mary’s Hospital says this incident did not involve a breach of medical systems or electronic health records, meaning people’s personal medical records were not accessed in the hospital.
KREX 5/Fox 4 reached out to SCL Health for comment on this incident, and a spokesperson directed us to the news release the health group posted on its website Tuesday about the data breach.
SCL Health has also set up a toll free number for anyone who may have received letters about the security incident at 1-866-968-0158 to answer any additional questions or concerns.