Widespread attack on Blackbaud fundraising software claims yet more victims

A data breach at Chesapeake Regional Healthcare has potentially exposed 23,000 individuals' personal information

A data breach at Chesapeake Regional Healthcare in Virginia, US, has potentially exposed more than 23,000 individuals’ sensitive information.

The organization, which operates the Chesapeake Regional Medical Center, Outer Banks Hospital, and numerous ancillary healthcare facilities, this week revealed that the personal data of 23,058 patients, donors, and employees may have been accessed as a result of a third-party breach.

Information including names, mail addresses, email addresses, and demographics, such as donation dates and amounts, were included in the leak.

Those affected by the incident have been notified by first class mail and email, Chesapeake Regional Healthcare said in a statement.

“Because the cybercriminal did not access credit card information, bank account information, social security numbers, and other personal identification information, the data breach presents a low risk for identity theft,” the statement added.

Multiple organization failure

The incident occurred due to a security incident affecting donor and fundraising software vendor Blackbaud.

“Blackbaud has assured Chesapeake Regional that they have implemented several changes to protect data from any subsequent incidents,” Chesapeake Regional Healthcare said.

This incident is not the first breach reported as a result of the Blackbaud cyber-attack in May, which saw attackers take control of the vendor’s servers and encrypt some sets of data.

In September, separate incidents at two US healthcare organizations potentially exposed the personal data of more than 190,000 patients.

Earlier in August, the Mines Advisory Group (MAG), a Manchester, UK-based non-profit involved in the clearance of landmines in war-torn countries, informed donors that their data may have been accessed.

All organizations involved had employed the services of Blackbaud.


READ MORE Healthcare security: OpenEMR fixes serious flaws that lead to command execution in patient portal