Notice to Our Patients Regarding a Privacy Incident
Moffitt Cancer Center is committed to protecting the security and privacy of our donors, patients and all individuals who support our fundraising efforts through the Moffit Cancer Center Foundation. Regrettably, this notice is regarding a recent incident that occurred with one of our vendors, Blackbaud, that may have allowed the release of some of our patients’ information.
Blackbaud is a vendor that provides the Foundation with cloud-based and data solution services related to our donors and fundraising. Blackbaud informed us that it had discovered that an unauthorized individual gained access to its systems between February 7, 2020 and May 20, 2020. Blackbaud advised us that the unauthorized individual may have acquired a backup of the database that manages our donor information. The incident was not targeted at Moffitt and affected numerous Blackbaud clients. Moffitt immediately took steps to understand the extent of the incident and the data involved.
Based on information provided by Blackbaud, on August 21, 2020, Moffitt determined that some patient information may have been contained in the database affected by this incident, including patient names, addresses, phone numbers, dates of birth, gender, physician(s) name, physician(s) specialty and that an individual may have been a patient of Moffitt. For a very limited number of patients, social security numbers and financial information may have been contained on the database. Also, this incident did not involve any access to Moffit’s medical systems or electronic health records.
Moffit began mailing letters to individuals with information contained on the database on October 20, 2020. Moffit also established a dedicated call center to answer any questions about the incident, which can be reached at (877) 376-0085, Monday through Friday, 8 a.m. and 5:30 p.m. ET and 9 a.m. to 1 p.m. ET Saturdays excluding major U.S. holidays. While this disclosure was out of our control, we are working closely with Blackbaud leadership to review how information is stored and to ensure that appropriate security measures are put in place for the protection of our patient/donor information. We recommend impacted patients review the statements they receive from their healthcare providers. If they see services they did not receive, they should contact the provider immediately.