Blackbaud Data Security Incident

The Mary Greeley Foundation was recently notified by Blackbaud, a service provider of the foundation, that the company had been the victim of a ransomware attack. Blackbaud is one of the world’s largest providers of customer relationship management systems for not-for-profit organizations. The cybercriminal was able to remove information from several of Blackbaud’s clients, including the Mary Greeley Foundation.

Please be assured that we do not store Social Security numbers, bank account or credit and debit card information in our system and therefore this was not included in the data breach.

Data accessed by the cybercriminal may have contained information pertaining to your relationship with the foundation or volunteer services, including a summary of giving history and/or volunteer history and public information such as name, title, date of birth, spouse/partner information, phone numbers and email addresses.

We have been informed by Blackbaud that in order to protect constituent data and mitigate potential identity theft, it met the cybercriminal’s ransomware demand. Blackbaud has advised us that it has received assurances from the cybercriminal and third-party experts that the data was destroyed. Blackbaud has been monitoring the web in an effort to verify the data accessed by the cybercriminal has not been misused. 

We do not believe there is a need to take any action at this time. As a best practice, we recommend people remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities.

For more information about this incident, please visit the foundation’s website or contact external-relations@mgmc.com. We will update the information on our website as new information becomes available.

We very much regret the inconvenience that this data breach may have caused. Please be assured that we take data protection very seriously and are grateful for the continued support of our many donors, volunteers and friends.

Frequently Asked Questions

What occurred?

On July 16, 2020, we were contacted by Blackbaud, one of the world’s largest providers of customer relationship management systems for not-for-profit organizations. Company representatives informed us that a Blackbaud service provider had been the victim of a ransomware attack that culminated in late May 2020.

The cybercriminal was unsuccessful in blocking access to the database involved in the attack. However, the cybercriminal was able to remove a copy of a subset of several of their clients’ data. This included a subset of Mary Greeley Foundation and volunteer data.

What information was involved?

Please be assured we do not store Social Security numbers, bank account or credit and debit card information in our system, and therefore none of this information was part of the data breach.

A detailed forensic investigation was undertaken, on behalf of Blackbaud, by law enforcement and third-party cyber security experts.  

The Mary Greeley Foundation data accessed by the cybercriminal in the Blackbaud database may have contained some of the following information:

  • Public information such as name, title, date of birth, spouse
  • Addresses and contact details such as phone numbers and e-mail addresses
  • Giving history and capacity
  • Volunteer and membership history
What actions were taken by Blackbaud?

We have been informed by Blackbaud that in order to protect constituent data and mitigate potential identity theft, it met the cybercriminal’s ransomware demand. Blackbaud has advised us that it has received assurances from the cybercriminal and third-party experts that the data was destroyed. Blackbaud has been monitoring the web in an effort to verify the data accessed by the cybercriminal has not been misused. 

We continue to work with Blackbaud to understand what actions they are taking to increase its security. In addition, we will be evaluating our relationship with Blackbaud moving forward.

When did the data security breach occur?

Blackbaud shared that the data security breach occurred sometime between February 7 and May 20, 2020.

What can I do to protect my personal information?

We do not believe there is a need to take any action at this time. As a best practice, we recommend people remain vigilant and promptly report any suspicious activity or suspected identity theft to the proper authorities.

Who should I contact for more information?

For questions related to the security incident, please contact external-relations@mgmc.com.

Make A Gift

Every donation is highly valued, gratefully appreciated, and used to enhance the health care services we provide to central Iowans.

Donate to Mary Greeley

Contact Us

MGMC Foundation
1111 Duff Ave.
Ames, IA 50010
515-239-2147
E-mail

Choose us as your charity on AmazonSmile

You can support Mary Greeley just by doing your regular Amazon shopping at smile.amazon.com. When you select Mary Greeley as your AmazomSmile charity, Amazon will donate .5% of the of the eligible purchases to Mary Greeley.

Choose Mary Greeley Medical Center as your charity on AmazonSmile*donations from AmazonSmile don't require additional costs