Private Data of 23,000 at Risk as Chesapeake Regional Healthcare Suffers Data Breach
A new data breach has exposed the personal data of thousands of citizens of the state of Virginia.
The target of the cyber attack was Chesapeake Regional Healthcare, who announced its third-party hosting provider suffered a data breach. The attack took place at a much earlier point in 2020 and could affect around 23,000 people whose records were contained in the database. Chesapeake Regional Healthcare has sent notifications to those affected.
The breach affected patient records as well as employee records. What exactly is contained in the database is not too clear, but reports state that accessed files may have contained names, e-mails and other bits of information.
The healthcare institution claimed the breach was "low-risk" because there were no credit card details stored in the affected database, or other "personally identifiable information". It's unclear what management's idea of personally identifiable information is because real names and e-mails are two of the most identifiable pieces of data you can have on an individual in today's world.
Alarmingly, the original breach took place back in February 2020, with a likely incident in spring 2020, but was reported only recently - nearly 10 months after the original attack. This sort of delay is never good news and might be an indication of severe digital security negligence.
It's not clear how the medical institution was alerted to the breach and whether they were informed by a third party security expert or discovered it on their own.
Sadly, there is practically nothing people can do to safeguard against similar breaches. No matter how strictly you adhere to good digital security practices, once you need to submit your data to a service and it goes in their database, you are only as secure as the servers and infrastructure used.
The best thing you can do in similar breaches is change your password for the compromised service and hope for the best. Of course, that won't make your personal information hackers stole magically disappear, but there is, sadly, nothing you can do about that.