Chesapeake Regional Healthcare takes the protection and proper use of patient, donor, and employee information very seriously. We value those who may want to support our Chesapeake Regional Health Foundation, as well as others in the community with whom we have relationships. We also value personal information and do our best to safeguard patient, employee and donor privacy. However, there has been a data security incident that may have involved personal information. We take this seriously and are notifying affected individuals and providing them with steps they can take to protect themselves.
What Happened
We recently learned that Blackbaud, a third-party service vendor providing fundraising, donor engagement and data hosting services for the Chesapeake Regional Health Foundation and other nonprofit organizations around the world, experienced a security incident. They discovered and stopped a ransomware attack and their cyber security team - together with independent forensics experts and law enforcement - successfully prevented the cybercriminal from doing further damage. On September 9, 2020, Blackbaud notified Chesapeake Regional that the incident had occurred. After obtaining the specific data, the vendor confirmed which patients, employees and donors had been involved.
What Information was Involved
The cybercriminal removed a copy of Blackbaud’s backup file which may have contained personal contact information such as name, mail address, email address, demographics and a history of your relationship with our organization, such as donation dates and amounts. This occurred at some point beginning on February 7, 2020 and may have intermittently reoccurred until May 20, 2020.
Because the cybercriminal did not access credit card information, bank account information, social security numbers, and other personal identification information, the data breach presents a low risk for identity theft. According to Blackbaud, there is no evidence to believe that any data will be misused, disseminated, or otherwise made publicly available.
What Are We Doing
We are notifying you so that you can take immediate action to protect yourself. Ensuring the safety of our patient, employee and donor data is of utmost importance to us. As part of ongoing efforts to help prevent something like this from happening in the future, Blackbaud has already implemented several changes that will protect your data from any subsequent incidents. Their team has confirmed through testing by multiple third parties that the implementation of their corrective action plan withstands all known attack tactics.
What You Can Do
As a best practice, Chesapeake Regional encourages patients and donors to remain vigilant and promptly report any suspicious activity to the proper law enforcement authorities. Review financial account statements, explanation of benefits statements and credit reports for fraudulent or irregular activity on a regular basis.
For your convenience, the contact information for the three major credit agencies is below:
- Equifax: equifax.com or call 800-685-1111
- Experian: experian.com or call 888-397-3742
- Transunion: transunion.com or call 888-909-8872
Should you have any further questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to email us at blackbaud@chesapeakeregional.com or call us at 1-833-905-3206.
We sincerely apologize for this incident and regret any inconvenience it may cause you.