Article Details
Scrape Timestamp (UTC): 2023-11-15 16:16:06.004
Original Article Text
Click to Toggle View
PJ&A says cyberattack exposed data of nearly 9 million patients. PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. PJ&A provides medical transcription services to healthcare organizations in the United States. The company said the threat actors breached their network and had access between March 27 and May 2, 2023. Its investigation revealed that the following information had been exposed to the threat actors: PJ&A began sending notices of a data breach on October 31, 2023, to alert impacted individuals that their sensitive healthcare information had been compromised. The data exposed for each person varies depending on what information they provided to the healthcare services and the type of treatment they received. The information accessed by the unauthorized party does not include financial information or account credentials. The exact number of the people affected by this cyber-incident had remained unknown until PJ&A submitted the relevant information to the breach portal of the U.S. Department of Health and Human Services Office for Civil Rights, which now confirms the number to be 8,952,212 patients. Previously, Chicago's largest healthcare provider, Cook County Health (CCH), notified 1.2 million patients that their medical records had been breached in the PJ&A incident, announcing that it would terminate its relationship with the vendor as a result. Yesterday, Northwell Health, New York's largest healthcare provider, announced it suffered an indirect data breach resulting from the PJ&A network compromise. The notification states that Northwell data was stolen between April 7 and April 19. The number of impacted individuals who received care in Northwell Health's clinics and had their sensitive information exposed in this incident surpasses 3.8 million. This means another four million people whose medical data was exposed through other healthcare providers have not been notified yet. Bleeping Computer has contacted PJ&A with further questions about the attack, but a comment was not immediately available.
Daily Brief Summary
PJ&A, a medical transcription service provider, experienced a cyberattack that compromised the data of nearly 9 million patients.
The network breach occurred between March 27 and May 2, 2023, and the company began notifying affected individuals on October 31, 2023.
Exposed data includes personal health information, but financial details and account credentials were not accessed.
The total number of impacted patients was confirmed by a report to the U.S. Department of Health and Human Services Office for Civil Rights.
Cook County Health and Northwell Health, both major healthcare providers, are among the entities impacted by the breach, with CCH ending its relationship with PJ&A.
Over 3.8 million Northwell Health patients had their sensitive information stolen over a period of about two weeks due to PJ&A's network being compromised.
An additional four million patients associated with various other healthcare providers have yet to be notified about their data exposure.