Massive Data Breach: 9 Million Patients Affected After US Medical Transcription Firm Hacked
In one of the worst medical-related data breaches in recent times, a cyberattack on a U.S. medical transcription service has resulted in the theft of highly sensitive personal and health information of close to nine million patients. The targeted company, Perry Johnson & Associates (PJ&A), is a medical transcription service provider based in Henderson, Nevada, offering transcription services to healthcare organizations and physicians.
PJ&A recently disclosed that the data breach, which began as early as March 2023, has affected over 8.95 million individuals. The breach involved the theft of patient names, dates of birth, addresses, medical record and hospital account numbers, admission diagnosis, and dates and times of service. Additionally, the stolen data contained some Social Security numbers, insurance and clinical information, such as laboratory and diagnostic testing results, medications, the names of treatment facilities, and the names of healthcare providers.
Extent of the Breach
The full nature of the cyberattack is yet to be determined, and PJ&A’s CEO, Jeffrey Hubbard, has not provided any comments on the incident. Two of PJ&A’s customers, Northwell Health and Cook County Health, have confirmed that their patients’ data has been affected by the breach. Northwell Health, the largest healthcare system in New York State, reported that 3.89 million of their patients were impacted. Cook County Health, a healthcare system in Illinois, stated that 1.2 million of their patients were affected, including 2,600 patient records that contained Social Security numbers. As of now, the data of approximately four million patients remains unaccounted for.
Significance of the Breach
The PJ&A breach is the second largest in terms of size, following the theft of 11 million records by HCA Healthcare earlier this year. This incident further highlights the vulnerability of the healthcare industry to cyberattacks and data breaches. In the same week, healthcare giant McLaren reported that 2.2 million patients had their data accessed during a ransomware attack, while online pharmacy startup Truepill confirmed that hackers had obtained sensitive data of 2.3 million patients, including medication details.
If you or your organization have been affected by the PJ&A breach, please reach out to TechCrunch for further assistance and support.