PJ&A (Perry Johnson & Associates) is warning {that a} cyberattack in March 2023 uncovered the non-public data of just about 9 million sufferers.
PJ&A gives medical transcription companies to healthcare organizations in america.
The corporate mentioned the risk actors breached their community and had entry between March 27 and Might 2, 2023. Its investigation revealed that the next data had been uncovered to the risk actors:
- Full title
- Date of start
- Medical file quantity
- Hospital account quantity
- Admission analysis
- Date and time of service
- Social Safety numbers (SSNs)
- Insurance coverage data
- Medical transcription information (lab and diagnostic take a look at outcomes)
- Treatment particulars
- Therapy facility and healthcare supplier names
PJ&A started sending notices of a knowledge breach on October 31, 2023, to alert impacted people that their delicate healthcare data had been compromised.
Supply: BleepingComputer
The information uncovered for every individual varies relying on what data they supplied to the healthcare companies and the kind of therapy they obtained.
The knowledge accessed by the unauthorized occasion doesn’t embody monetary data or account credentials.
The precise variety of the folks affected by this cyber-incident had remained unknown till PJ&A submitted the related data to the breach portal of the U.S. Division of Well being and Human Providers Workplace for Civil Rights, which now confirms the quantity to be 8,952,212 sufferers.
Beforehand, Chicago’s largest healthcare supplier, Prepare dinner County Well being (CCH), notified 1.2 million sufferers that their medical data had been breached within the PJ&A incident, saying that it could terminate its relationship with the seller consequently.
Yesterday, Northwell Well being, New York’s largest healthcare supplier, introduced it suffered an oblique knowledge breach ensuing from the PJ&A community compromise. The notification states that Northwell knowledge was stolen between April 7 and April 19.
The variety of impacted people who obtained care in Northwell Well being’s clinics and had their delicate data uncovered on this incident surpasses 3.8 million.
This implies one other 4 million folks whose medical knowledge was uncovered by way of different healthcare suppliers haven’t been notified but.
Bleeping Pc has contacted PJ&A with additional questions concerning the assault, however a remark was not instantly obtainable.