IOWA CITY, Iowa, Sept. 14, 2020 /PRNewswire/ — On Thursday, July 16, 2020, Prelude Behavioral Services (“Prelude”) formerly MECCA, received notification from one of its third-party vendors, Blackbaud, Inc. (“Blackbaud”), of a cyber incident. Blackbaud is a cloud computing provider that offers financial accounting tools to non-profit organizations, including Prelude. Blackbaud reported that, in May 2020, it experienced a ransomware incident that resulted in encryption of certain Blackbaud systems. Blackbaud reported the incident to law enforcement and worked with forensic consultants to investigate. Following its investigation, Blackbaud notified its customers, including Prelude, that a cybercriminal may have accessed or acquired certain Blackbaud customer data. Blackbaud reported that the data was exfiltrated by the cybercriminal at some point before Blackbaud locked the cybercriminal out of the environment on May 20, 2020.
Upon learning of the Blackbaud incident, Prelude immediately commenced an investigation to better understand the nature and scope of the incident and any impact on Prelude data and what, if any, sensitive Prelude data was potentially involved. This investigation included working diligently to gather further information from Blackbaud to understand the scope of the incident. On September 3, 2020, Prelude’s investigation determined that the information potentially affected may have contained personal information.
Prelude’s investigation determined that the involved Blackbaud systems potentially identified certain individuals as current or former Prelude patients, by virtue of refunds issued for health-related services provided by Prelude. The impacted information included only the affected patients’ names and addresses. The impacted information did not contain Prelude patients’ Social Security Numbers, financial account information, payment card information, driver’s license numbers or other medical/health insurance information. Please note that, to date, Prelude has not received any information from Blackbaud that Prelude’s information was specifically accessed or acquired by the cyber criminal, but this possibility could not be ruled out.
Prelude recommends patients remain vigilant for attempts to obtain sensitive information using social engineering. This is when someone requests the individual provide sensitive information such as bank account information or Social Security number by using information about the patient’s recent medical visit in an attempt to show the request is legitimate. In addition, as a best practice, individuals should always carefully review Explanations of Benefits for suspicious or unauthorized activity and report any instances of fraud to law enforcement.
Additional information about the event can be found at Prelude’s website: www.preludeiowa.org
SOURCE Prelude Behavioral Services