A healthcare system based in Virginia said its third-party vendor experienced a data security breach earlier this year that affected more than 23,000 patients, donors and employees of the system.
Chesapeake Regional Healthcare announced Tuesday that they have informed the people affected by the data breach against its fundraising and data hosting vendor, Blackbaud, in February. The breach may have also reoccurred until May 20.
The healthcare system said in a statement that they were told about it in September.
The organization said the breach presents a low risk for identity theft since “the cybercriminal did not access credit card information” or other personal identification information of the 23,000 people.
The breach did remove files that may have included names, mail and email addresses and demographic information of the people affected, according to Blackbaud. The vendor said there is no evidence that any of that data was misused or disseminated.
Chesapeake Regional Healthcare also has locations in North Carolina.