Nearly 9 million patients’ records compromised in data breach

Jason Macuray
A cyberattack on a medical transcription company compromised highly sensitive health data belonging to nearly four million patients at Northwell Health, New York State’s largest healthcare provider and private employer.

A cyberattack on a medical transcription company compromised highly sensitive health data belonging to nearly four million patients at Northwell Health, New York State’s largest healthcare provider and private employer.

The breach also impacted a healthcare system in Illinois, Cook County Health, which disclosed that 1.2 million of its patients were affected. About four million additional patients from undisclosed locations were also impacted.

The attack is one of the worst medical data breaches in recent years, according to a U.S. Department of Health and Human Services data breach list.

The Nevada-based transcription company, Perry Johnson & Associates (PJ&A), disclosed the breach earlier this month in a legally required filing, revealing that the breach began as early as March and that it did not begin to notify affected patients until the end of September.

According to a PJ&A notice, the stolen data not only included basic information like patient names, addresses and dates of birth, but also admission diagnoses, some Social Security numbers, laboratory and diagnostic testing results and medications.

A Northwell spokesperson said 3.89 million patients were affected and shared a statement confirming it had been informed of the breach by PJ&A.

“While none of Northwell’s systems were impacted by this cyberattack on PJ&A, Northwell has been informed by PJ&A that records relating to Northwell’s patients were among the files copied from PJ&A’s network,” the statement said.

The statement noted that Northwell is “not aware of any evidence of subsequent misuse of the information obtained from PJ&A’s network,” but is offering all impacted patients with a free identity theft service.

An unauthorized user gained access to the PJ&A network between March 27 and May 2, the company reported.

The PJ&A notice said the company has hired a cybersecurity vendor to “assist with the investigation, contain the threat, and further secure our systems.”

It noted that the incident did not allow the hacker to access systems or networks belonging to its customers and said there is no evidence to date of patients’ information being used for identity theft or fraud.

A class action lawsuit was filed against Northwell Health and PJ&A earlier this month.

BriefsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Multiple colleges, K-12 schools facing outages after cyberattacks

Next Post

Two top Ukrainian cyber officials dismissed amid embezzlement probe

Related Posts

New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a
Avatar
Read More

Apple warns of increased iPhone security risks

Apple is telling European customers that new EU competition laws will make iPhones less safe once the company is forced to open up its platforms to third-party App Stores. The company, not exactly happy about this, has published a 32-page white paper where it spells out the risks arising from the EU’s big experiment.The EU’s formal adoption of the Digital Markets Act (DMA) means Apple must make several changes to its App Store and business models. Changes include the introduction of support for third-party app stores, opening up to payment systems other than Apple Pay, and more.To read this article in full, please click here
Avatar
Read More