HQ/EMEAFind out how we can help your business
One of the most prominent medical providers of medical transcription services, Perry Johnson & Associates (PJ&A), disclosed that a cyberattack in March 2023 had compromised the personal data of nearly nine million patients.
Based on reports, the data breach incident allegedly occurred between March 27 and May 2 and exposed sensitive information, such as full names, dates of birth, medical record numbers, and Social Security numbers.
PJ&A, responsible for handling medical transcription files, revealed that the exposed data included admission diagnoses, dates and times of service, insurance details, medication information, and even treatment facility and healthcare provider names. Moreover, the incident has compromised every patient’s Lab and diagnostic test results.
PJ&A started to notify the affected individuals late last month after confirming the legitimacy of the malicious incident.
PJ&A started rolling out notifications to the affected individuals on October 31, 2023. The notification included the details of the investigations and confirmed the involved parties reached approximately 8,952,212 patients. The exposed data varied among individuals based on the information they had provided to healthcare services and the nature of their treatments.
Fortunately, the threat actors did not access the affected patients’ financial information and account credentials. However, the impact of this breach extended beyond PJ&A’s client base, as Cook County Health, Chicago’s largest healthcare provider, cut ties with the vendor, affecting 1.2 million patients.
Adding to the growing concern, Northwell Health, New York’s largest healthcare provider, reported an indirect data breach linked to the incident. The breach occurred between April 7 and April 19, affecting nearly four million individuals who received care in Northwell Health’s clinics. This revelation indicates that another four million people whose medical data was exposed through other healthcare providers are yet to be notified.
The incident has raised severe concerns about the integrity and security measures within the healthcare industry and the potential impact on other institutions on a single breach. PJ&A has not disclosed further insights about the attack.
As the investigation continues, the healthcare sector should consider upgrading its cybersecurity defences to protect the sensitive information entrusted to its care as more and more threat actors are targeting the industry.
