PJ&A is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. PJ&A provides medical transcription services to healthcare organizations in the United States. The company said the threat actors breached their network and had access between March 27 and May 2, 2023. PJ&A began sending notices of a data breach on October 31, 2023, to alert impacted individuals that their sensitive healthcare information had been compromised. The data exposed for each person varies depending on what information they provided to the healthcare services and the type of treatment they received. The information accessed by the unauthorized party does not include financial information or account credentials. The exact number of the people affected by this cyber-incident had remained unknown until PJ&A submitted the relevant information to the breach portal of the U.S. Department of Health and Human Services Office for Civil Rights, which now confirms the number to be 8,952,212 patients. Previously, Chicago's largest healthcare provider, Cook County Health, notified 1.2 million patients that their medical records had been breached in the PJ&A incident, announcing that it would terminate its relationship with the vendor as a result. Yesterday, Northwell Health, New York's largest healthcare provider, announced it suffered an indirect data breach resulting from the PJ&A network compromise. The notification states that Northwell data was stolen between April 7 and April 19. The number of impacted individuals who received care in Northwell Health's clinics and had their sensitive information exposed in this incident surpasses 3.8 million. This means another four million people whose medical data was exposed through other healthcare providers have not been notified yet. Bleeping Computer has contacted PJ&A with further questions about the attack, but a comment was not immediately available. Pharmacy provider Truepill data breach hits 2.3 million customers. McLaren Health Care says data breach impacted 2.2 million people. TransForm says ransomware data breach affects 267,000 patients. Okta hit by third-party data breach exposing employee information. FTC orders non-bank financial firms to report breaches in 30 days.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000