Minnesota will receive $780,000 from a multistate settlement over an extensive 2020 data breach, Attorney General Keith Ellison announced Thursday.
The money is part of a $49.5 million settlement with 49 states and the District of Columbia with South Carolina-based Blackbaud Inc. over the ransomware attack.
The attack caused personal information of millions of consumers to be exposed. Another issue is that the company was slow to disclose the breach and initially refused to tell customers what information has been accessed.
"This settlement reflects our commitment to holding companies accountable when they do not adequately protect Minnesota consumer data," Ellison said in a statement.
In Minnesota, the breach hit Children's Minnesota, Allina Health, Regions Hospital and Gillette Children's Specialty Healthcare.
Allina said information from more than 200,000 patients and donors may have been at risk. Children's Minnesota notified more than 160,000 families of the breach. At the time, the breach ranked as the second-largest health care data breach in state history and also impacted other Minnesota nonprofits.
Blackbaud is a publicly traded cloud software company that provides service to nonprofits, education, health care and other "social good" organizations. As part of the settlement, Blackbaud agreed to implement several data security practices to safeguard customer information.
"The company expects to pay the full settlement amount to each state and the District of Columbia in October 2023 from its existing liquidity," the company said in a Thursday filing with the U.S. Securities and Exchange Commission (SEC). "The company has entered into the administrative orders without admitting fault of liability in connection with the matters subject to the multistate Investigation."
