Chesapeake Regional Healthcare Informs 23,058 Patients of Data Security Incident
CHESAPEAKE, Va.– Chesapeake Regional Healthcare has notified 23,058 patients, donors, and employees after learning that Blackbaud, a third-party service vendor providing fundraising, donor engagement, and data hosting services for the Chesapeake Regional Health Foundation and other nonprofit organizations around the world, experienced a data security incident.
Blackbaud discovered and stopped a ransomware attack and their cybersecurity team - together with independent forensics experts and law enforcement - successfully prevented the cybercriminal from doing further damage. This occurred at some point beginning on February 7, 2020, and may have intermittently reoccurred until May 20, 2020.
On September 9, 2020, Blackbaud notified Chesapeake Regional that the incident had occurred. After obtaining the specific data, the vendor confirmed which patients, employees and donors had been involved. According to Blackbaud, the cybercriminal removed a copy of the vendor’s backup file which may have contained personal contact information such as name, mail address, email address, demographics and a history of your relationship with our organization, such as donation dates and amounts.
Because the cybercriminal did not access credit card information, bank account information, social security numbers, and other personal identification information, the data breach presents a low risk for identity theft. According to Blackbaud, there is no evidence to believe that any data will be misused, disseminated, or otherwise made publicly available.
Patients, donors and employees have been notified by first-class mail and/or email. Blackbaud has assured Chesapeake Regional that they have implemented several changes to protect data from any subsequent incidents. Their team has confirmed through testing by multiple third parties that the implementation of their corrective action plan withstands all known attack tactics.
# # #