Data Company Breach May Have Affected Donors to Sentara Health Foundation

NORFOLK, VA – December 24, 2021 – Sentara Foundation contracts with a vendor named Blackbaud to store donor information. Blackbaud announced that in May 2020, an unauthorized third party tried to deploy ransomware within its environment. Blackbaud encrypts most of the data it stores, but some less sensitive fields, such as name and mailing address, were left unencrypted.

Blackbaud conducted a forensic investigation and cooperated with the Federal Bureau of Investigation ("FBI") as part of its incident response. Per Blackbaud, the FBI did not consider the information taken to be at risk. However, Blackbaud could not rule out the fact that a limited amount of data was accessed, and therefore notified Sentara Foundations.

The type of information that could have been accessed was limited to names, addresses, telephone numbers, and dates of birth. The incident did not involve Social Security numbers, payment card data, or financial account information.

Sentara is not aware of any instances of fraud or identity theft arising out of the incident. Blackbaud has assured us that any sensitive information that could lead to a risk of identity theft was encrypted and therefore inaccessible to the bad actor. Nonetheless, even though only the limited information noted above may have been involved, the Department of Health and Human Services is requesting that we provide notice of the incident to our donors.

We value the trust that our Foundations' donors place in us. We take steps to safeguard donors' personal information and we expect our vendors to do the same. We apologize for any concern this incident might cause.

For further assistance, starting Tuesday, December 28th, donors may call 855-223-4826 from 6:00 a.m. to 8:00 p.m. PST, Monday – Friday and 8:00a.m. to 5:00 p.m. PST, Saturday and Sunday (excluding major US holidays). Please provide engagement number B021999 for assistance.