CHESAPEAKE, Va .– Chesapeake Regional Healthcare experienced a data security incident starting Feb. 7 that could recur intermittently through May 20, the organization said.
Authorities informed 23,058 patients, donors and staff of the incident after learning that Blackbaud, a third-party service provider providing fundraising, donor engagement and data hosting services for Chesapeake Regional Health Foundation and other nonprofits around the world, has experienced a data security incident.
“Blackbaud discovered and stopped a ransomware attack and their cybersecurity team – working with independent forensic experts and law enforcement – was successful in preventing the cybercriminal from causing further damage,” said responsible in a statement.
On September 9, Blackbaud informed Chesapeake Regional that the incident had occurred. After obtaining the specific data, the supplier confirmed which patients, employees and donors had been involved.
According to Blackbaud, the cybercriminal deleted a copy of the vendor’s backup file, which may contain personal contact information such as name, mailing address, email address, demographics and a history of your relationship. with our organization, such as dates and amounts of donations.
Because the cybercriminal did not gain access to credit card information, bank account information, social security numbers, or other personally identifying information, the data breach presents a low risk of theft. ‘identity, said Chesapeake Regional Healthcare.
According to Blackbaud, there is no reason to believe that any data will be misused, released or otherwise made public.
Patients, donors and staff have been notified by first class mail and / or email.
Blackbaud assured Chesapeake Regional that they have implemented several changes to protect the data from any future mishaps. Their team has confirmed through testing by several third parties that the implementation of their corrective action plan is resistant to all known attack tactics.
“Breaches happen every day. Sometimes it’s the fault of software glitches or coding issues, but that’s just life in 2020. That’s why it’s so important that everyone is educated on the proper security procedures and what to do with them. ‘you have to do when they find out,’ said Gregg Tennefoss, cybersecurity expert, who is a professor at Tidewater Community College.
Blackbaud has several clients in the Hampton Roads area. News 3 contacted them to ask if they were affected by the security breach. We also contacted Blackbaud, who said, “To respect the privacy of our customers, we are not disclosing the total number of customers (or any segment) involved in the incident, and we cannot provide the names of those. who were part of it. of this incident and we cannot discuss any specific customer. Customers who were part of this incident have been notified. We will not comment beyond the statement on our website. Thank you for your understanding. ”
Click here to read Blackbaud’s full statement.