CHESAPEAKE, Va. — Chesapeake Regional Healthcare has released details about a data breach that affected one of its data hosting service vendors.
Blackbaud is a third-party service vendor that provides fundraising, donor engagement and data hosting services for the Chesapeake Regional Health Foundation and other nonprofit organizations around the world.
They discovered and successfully stopped a ransomware attack that started in February 2020 and may have intermittently reoccured until May 2020. Blackbaud's cybersecurity team alongside law enforcement and forensic experts prevented the cybercriminal from doing further damage.
The cybercriminal removed a copy of Blackbaud's backup file which may have contained personal contact information such as names, mailing addresses and email addresses.
No credit card, bank account or social security information was accessed. The breach presents a low risk for identity theft. Blackbaud believes there's no evidence that any data will be misused, disseminated or otherwise made publicly available.
The company reported the breach to Chesapeake Regional Healthcare on Sept. 9 and confirmed which of the healthcare system's patients, employees and donors were impacted. Chesapeake Regional notified 23,058 of its patients, employees and donors. They have been notified by first-class mail and/or email.
Blackbaud has assured Chesapeake Regional that they have implemented several changes to protect data from any subsequent incidents. They've tested and implemented a corrective action plan withstands all known attack tactics.