LifeFlight Foundation one of thousands of nonprofits affected by software security event

Release Date: 8/18/2020 12:00:00 AM

The LifeFlight Foundation has learned that it is one of thousands of nonprofit organizations, including many in Maine, to be affected by a security event at Blackbaud, the company that hosts our fundraising databases.

The affected databases include information about donors, potential donors, those who may have attended a fundraising event, patients who we believe may want to support our healthcare mission, and others in the community with whom we have relationships. LifeFlight of Maine maintains electronic health records separate from the Foundation. These records were not affected in the event.

Blackbaud has advised that the cybercriminals who attacked Blackbaud did not gain access to any credit card, bank account, or social security numbers; however, they may have accessed other types of information. The Foundation will directly contact anyone whose personal information was accessed as a result of this incident by mail or email.

“The trust of our patients, donors, and community partners is of extreme importance to us,” says Thomas Judge, Executive Director of LifeFlight of Maine and the LifeFlight Foundation. “We are committed to clearly communicating with our constituents and ensuring that our fundraising data will continue to be fully protected.”

Anyone who has questions is encouraged to reach out to the LifeFlight Foundation at info@lifeflightmaine.org or 207-230-7092.


Frequently Asked Questions

What happened?
Blackbaud, the company that hosts LifeFlight Foundation’s fundraising databases, learned of a global data security event and notified its subscribers. The affected databases include information about donors, potential donors, those who may have attended a fundraising event, patients who we believe may want to support our healthcare mission, and others in the community with whom we have relationships. LifeFlight of Maine maintains electronic health records separate from the Foundation.
According to Blackbaud, the cybercriminals were not successful at gaining access to Blackbaud’s encrypted files (credit card, bank account, or social security numbers), but they were able to access backup files that could contain fundraising demographic and contact information.

What is LifeFlight Foundation’s relationship with Blackbaud?
Blackbaud is one of the largest providers of fundraising database and support services for healthcare organizations, educational institutions, and other nonprofits. Blackbaud has provided these services to the Foundation and many non-profit organizations across Maine for many years without incident.

This security incident affects thousands of organizations around the world. More than 25,000 organizations worldwide store information on Blackbaud.

How did Blackbaud respond?
According to Blackbaud, their teams were able to quickly identify the vulnerability associated with this incident, including the tactics used by the cybercriminal, and took swift action to fix it. Blackbaud says that they have confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics.

How is LifeFlight Foundation responding?
The LifeFlight Foundation is currently working with Blackbaud to understand the number of parties affected by this incident, and what types of information were accessed by the threat actor. The Foundation will reach out by mail or email to anyone whose personal information was accessed as a result of this incident. The Foundation takes the protection of fundraising information very seriously and will continue to work with Blackbaud to ensure that it is secure.

Why did it take so long for the Foundation to be notified?
According to Blackbaud, they prioritized fending off the cybercriminal’s attempt to encrypt their customer files, preventing them from blocking their system access, and expelling them from their system. Blackbaud first discovered the compromise on May 14, stopped the cyberattack on May 20, worked to understand what information was exposed and who was affected by July 9, and notified the LifeFlight Foundation on July 16.

Why did it take so long for the Foundation to notify donors and patients?
Since being notified, the Foundation has been working with Blackbaud to fully understand exactly what information was compromised and which donors and patients were affected. Communication began as soon as the Foundation had the information needed to provide an initial notification.

What is LifeFlight Foundation doing to maintain the trust of donors and patients?
The Foundation is committed to providing clear, transparent communication about the incident as well as receiving feedback and answering questions. The Foundation is also monitoring Blackbaud’s response, including the steps that Blackbaud is taking to protect donor information moving forward. The Foundation will share additional information with donors and patients if and when it becomes available.

What can those affected do if they have questions?
Anyone who has questions is encouraged to reach out to the LifeFlight Foundation at info@lifeflightmaine.org or 207-230-7092.