Dear Hawaii Pacific Health Supporter,

We are writing to inform you about a data security incident that may have involved your personal information. On July 16, we were notified by Blackbaud, a cloud software company that hosts our philanthropy data, that they recently experienced a security compromise. Blackbaud is used by many schools, colleges and nonprofits nationwide and here in Hawaii for philanthropy, alumni engagement and internal fund management services, so you may be hearing from other organizations who are also impacted by this incident. Hawaii Pacific Health takes the protection and proper use of your information very seriously, which is why we are contacting you to explain the incident and provide you with steps you can take to protect yourself.

What Happened

According to Blackbaud, they discovered and stopped a ransomware attack in May. Blackbaud’s cyber security team worked with law enforcement to successfully prevent the cybercriminal from blocking their system access and fully encrypting files. However, prior to the lockout, the cybercriminal removed a backup file containing personal information. Blackbaud paid a ransom to ensure the backup copies were destroyed.

What Information Was Involved

We have determined that the file removed may have contained demographic data including your name, address and phone number as well as your philanthropic giving history. Importantly, the cybercriminal did not access your credit card information, bank account information, or social security number.

Based on the nature of the incident, Blackbaud’s research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly.

What Blackbaud is doing

Blackbaud was able to identify the vulnerability associated with this incident and quickly took action to fix it They have confirmed through testing by multiple third parties, that their fix is able to withstand all known cyber attacks. Additionally, they are working to further strengthen their security protocols to protect your information and prevent incidents like this in the future.

What Hawaii Pacific Health is doing

Hawaii Pacific Health is continuing its investigation into the matter and continues to work with Blackbaud to follow-up on the claim and ensure appropriate safeguards are implemented to address the risk and prevent a future recurrence.

What You Can Do

As stated above, the file removed may have contained your contact information and philanthropic giving history. We recommend that you remain vigilant and immediately report to law enforcement authorities any suspicious activity or suspected identity theft. If you are unsure about any solicitation you receive claiming to be from Hawaii Pacific Health, please don’t hesitate to contact our office directly to confirm the solicitation.

We will never ask for your bank account information, such as bank account number or PIN number. All electronic and written communication from us will be clearly marked (1) with emails coming from a “hawaiipacifichealth.org”; “kapiolani.org”; “straub.net”; “palimomi.org”; “wilcoxhealth.org” email address, and (2) written materials and correspondence with an originating and return addresses of Foundations of Hawaii Pacific Health 55 Merchant Street, Suite 2600 Honolulu, HI 96813, and Wilcox Health Foundation 3-3420 Kuhio Highway Lihue, HI 96766.

We sincerely apologize for this incident and regret any inconvenience it may cause you. We appreciate your continued support, and want to reiterate that the protection of your personal information is our utmost priority.

Should you have any further questions or concerns regarding this matter, or if you are unsure of any solicitations related to Hawaii Pacific Health, please do not hesitate to contact our office at 808-535-7100 or Foundations@HawaiiPacificHealth.org.