We are deeply grateful for your support of UT Health San Antonio, and we are committed to excellence in the stewardship of our relationship. With our gratitude, comes a responsibility to keep you fully informed of matters involving any constituent records we maintain.

We want you to know that we were recently notified by Blackbaud, Inc., a third-party database provider, of a security data breach.  Blackbaud is the world’s largest provider of software and online applications that support philanthropic and communication activities, serving more than 45,000 clients that include universities, healthcare organizations, nonprofits and foundations in more than 100 countries. UT Health San Antonio, UT System Administration, and most UT institutions use one or more Blackbaud products.

What happened?

At this time, we understand that Blackbaud discovered – and was able to stop – a ransomware attack in May. Based on the information we received from Blackbaud on July 16, a cybercriminal accessed copies of some customer files containing constituent information. Blackbaud worked with security experts and law enforcement to respond to the ransom threat, and they report that they have received confirmation that the stolen data was destroyed and not used by the cybercriminal.

Immediately upon notification of the incident from Blackbaud, the UT System Administration and each of our UT institutions have been working diligently, conducting an array of internal reviews with our legal, information security, and privacy experts to determine the exposure of our records, if any. At this time, we are not aware of fraudulent activity that has occurred with any constituent records, and we continue to work with Blackbaud to learn more.

What information was involved?

We have been informed by Blackbaud that data included publicly available information (name, date of birth, address, phone and email addresses) as well as date of birth and relationship history/engagement information. Blackbaud further reported that credit card information, bank information, and Social Security numbers were not accessed by the cybercriminal. Moreover, UT Health San Antonio does not store such data.

How might you get more information?

We take the protection and proper use of your information very seriously and are remaining vigilant as we continue to monitor and learn more. We respectfully recommend that you do the same.

Blackbaud has reported that it has already implemented several security changes to protect constituent data from any subsequent incidents.

• You can read Blackbaud’s notification of the security incident here: https://www.blackbaud.com/securityincident
• You may also review more details about Blackbaud’s security, risk, compliance and privacy programs here: https://www.blackbaud.com/security

We are profoundly sorry for any concern and inconvenience this incident may have caused. You have entrusted your generosity to us, and we owe you everything we can possibly offer to ensure your privacy and safety.

If you have additional questions, please reach out to us at makelivesbetter@uthscsa.edu or you may contact me directly at morrilld@uthscsa.edu or by phone at (210) 567-6395.

Respectfully,

Deborah H. Morrill, MS
Vice President for Institutional Advancement and Chief Development Officer