More than 1 million people have SSNs leaked after cyberattack on hospital technology giant
Hospital technology giant NextGen Healthcare said hackers accessed the personal information of more than 1 million people during a cyberattack in March.
The multibillion-dollar healthcare company produces electronic health record (EHR) software and practice management systems for hundreds of the biggest hospitals and clinics in the U.S., U.K., India and Canada.
The company began notifying patients in recent days that the names, dates of birth, addresses, and Social Security numbers of 1,049,375 people were accessed by hackers who were in their network from March 29, 2023 and April 14, 2023.
The company did not respond to requests for comment about whether the data breach was connected to a ransomware attack in January conducted by the BlackCat/AlphV ransomware gang.
In the letters sent to victims and shared with state regulators in Maine, Texas, California and Montana, the company explained that it maintains personal information on behalf of the doctors and medical professionals who use its EHR and practice management products.
“On March 30, 2023, we were alerted to suspicious activity on our NextGen Office system. In response, we launched an investigation with the help of third-party forensic experts. We also took measures to contain the incident, including resetting passwords, and contacted law enforcement,” said David Slazyk, NextGen’s chief information and security officer.
The company told those affected that there is “no evidence of any access or impact to any of your health or medical records or any health or medical data.”
After the ransomware attack in January, a company spokesperson told Recorded Future News that they were able to contain the threat and found no evidence that the hackers were able to exfiltrate customer data.
Former Obama administration cybersecurity official Tom Kellermann said healthcare providers continue to be targeted by cybercriminals who specialize in identity theft because many have “woeful inadequate cybersecurity” and because they typically store the most sensitive personal information.
“This is a massive cybercrime which will result in widespread identity theft,” he said.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.