Near 9 million sufferers had extremely delicate private and well being data stolen throughout a cyberattack on a U.S. medical transcription service earlier this yr, representing one of many worst medical associated data breaches in current occasions.
The medical transcription firm, Perry Johnson & Associates, or PJ&A, is a Henderson, Nevada-based firm that gives transcription providers to healthcare organizations and physicians for dictating and transcribing affected person notes.
In a legally required submitting with the U.S. Division of Well being and Human Companies, PJ&A mentioned greater than 8.95 million people are affected by the data breach that started as early as March 2023.
PJ&A mentioned it started notifying sufferers whose data was breached six months in a while October 31.
Based on PJ&A’s data breach disclosure, the stolen information included affected person names and date of beginning, their deal with, medical document and hospital account numbers, their admission prognosis, and dates and occasions of service. The medical transcription firm mentioned the info additionally included some Social Safety numbers, insurance coverage and medical data from medical transcription recordsdata, corresponding to laboratory and diagnostic testing outcomes, medicines, the names of therapy amenities, and the title of healthcare suppliers.
The precise nature of the cyberattack just isn’t but recognized. PJ&A chief government Jeffrey Hubbard didn’t reply to a request for remark.
At the very least two of PJ&A’s prospects have up to now come ahead to verify their sufferers are affected by the breach, together with Northwell Well being, the biggest healthcare system in New York State.
Northwell Well being spokesperson Jason Molinet confirmed to information.killnetswitch that 3.89 million of its sufferers are affected by the transcription firm’s data breach. It’s the second breach of Northwell Well being affected person information this yr after Nuance Communications, one other transcription supplier, had information stolen throughout a mass-hack earlier this yr.
Prepare dinner County Well being, a healthcare system in Illinois, mentioned in a public discover that 1.2 million of its sufferers are affected by the breach, together with 2,600 affected person information that contained affected person Social Safety numbers.
PJ&A’s data breach is second in dimension solely to the theft of 11 million information by HCA Healthcare earlier this yr, in response to the Division of Well being and Human Companies’ data breach portal, whose information date again to 2020.
Information of the breach is available in the identical week that healthcare large McLaren mentioned 2.2 million sufferers had information accessed by hackers throughout a ransomware assault in August. On-line pharmacy startup Truepill additionally confirmed this week that hackers accessed delicate information of two.3 million sufferers, together with treatment particulars.
Do you’re employed at a company that’s affected by the PJ&A breach? You’ll be able to contact this reporter on Sign and WhatsApp at +1 646-755-8849 or zack.whittaker@techcrunch.com by e mail. You can even contact information.killnetswitch by way of SecureDrop.
