The US-based electronic health record software provider NextGen Healthcare has acknowledged that hackers broke into its systems and stole the personal information of over 1 million patients.
NextGen Healthcare reported a data breach to the Maine attorney general's office, and it was confirmed that the hackers gained access to the personal information of 1.05 million patients, including about 4,000 people from Maine. The affected patients' names, dates of birth, addresses, and Social Security numbers were stolen, the company also informed the patients.
The company revealed that it discovered the data breach in April 2023 and immediately launched an investigation with the help of third-party cybersecurity experts. The investigation confirmed that unauthorized individuals had accessed patient data through a vulnerability in the software used by NextGen Healthcare.
This is not the first cyberattack that NextGen Healthcare has faced this year. In January 2023, the company was hit by a ransomware attack that was claimed by the ALPHV ransomware gang, also known as BlackCat. It remains unclear if the same group was behind the recent data breach.
The recent cyberattack is the latest in a series of healthcare data breaches that have affected millions of patients in the United States. NationBenefits, a Florida-based technology company, confirmed last week that hackers stole data of more than 3 million members, while Brightline, a virtual therapy provider for children, said that data of more than 960,000 of the company’s pediatric mental health patients were stolen.
The healthcare industry has become an attractive target for cybercriminals due to the sensitive nature of patient data, which can be used for identity theft and medical fraud. As healthcare providers increasingly rely on technology to store patient data and manage their operations, the risk of cyberattacks has also increased.
In response to the recent data breach, NextGen Healthcare said that it is taking steps to enhance the security of its systems and prevent similar incidents from occurring in the future. The company is also offering free credit monitoring and identity theft protection services to affected patients.
The incident underscores the importance of organizations taking proactive measures to protect sensitive patient data from cyberattacks.
Healthcare providers should ensure that their systems are up-to-date with the latest security patches, implement multi-factor authentication, conduct regular security audits, and provide cybersecurity training to their employee.