For COVID-19 and vaccination updates, view our information for the community. If you're experiencing symptoms, call your primary care provider.
Notice of Blackbaud Incident
Notice to Our Patients of a Privacy Incident
Nebraska Methodist Health System (“NMHS”) is committed to protecting the security and privacy of our patients. Regrettably, we learned of a data security incident that occurred at one of our vendors, Blackbaud, Inc. (“Blackbaud”), that involved some of our data.
Blackbaud is a third-party vendor that provides customer relationship management and financial services tools for fundraising purposes to thousands of schools, health systems, and non-profits, including the Methodist Hospital Foundation and the Jennie Edmundson Foundation. On Sept. 21, 2020, we received notification from Blackbaud that it experienced a data security incident involving unauthorized access to the Blackbaud systems between Feb. 7, 2020 and May 20, 2020. Blackbaud further advised that the unauthorized individual may have acquired backup copies of customer databases, including the databases used by the Methodist Hospital Foundation and the Jennie Edmundson Foundation for fundraising efforts.
At the time of the notification, Blackbaud did not confirm what information may have been involved in the incident. We immediately took steps to investigate the extent of the incident and the data involved and worked with Blackbaud to obtain additional information.
On Oct. 16, 2020, our investigation and review of the Blackbaud database determined that it contained some patient information, including names, demographic and contact information, medical record numbers, reasons for visits, treating physicians, treating facilities and/or encounter types (i.e. inpatient, outpatient surgery, observation, or emergency outpatient).
Importantly, Social Security numbers, financial account, and credit card account information were not part of the information stored in the Blackbaud database and they were not involved in the incident. Also, this incident did not involve any access to NMHS’s network or systems. The incident occurred at NMHS’s third-party vendor, Blackbaud, which informed us that they closed the vulnerability that allowed the incident to occur and are taking steps to enhance their security controls.
We want our patients to know that we are taking this matter very seriously and regret any concern or inconvenience the incident may have caused. We mailed letters regarding the incident to the patients whose information was contained in the Blackbaud database on Dec. 14, 2020. We have established a dedicated call center to answer any questions about this incident, which may be contacted for more information at (833) 971-3260, Monday through Friday, 8 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays. To help prevent something like this from happening again, we are also evaluating our relationship with Blackbaud and its security safeguards.
For affected patients, NMHS recommends they review the statements they receive from their healthcare providers; if they see services they did not receive, they should contact the provider immediately.