Concentra Health Services reported to the U.S. Department of Health and Human Services on Jan. 9 that the 2023 hack of Perry Johnson & Associates had affected 3.9 million of its patients.
The compromise of the medical transcriber appears to have exposed the personal data of at least 14 million patients and counting. PJ&A reported the hacking incident to HHS’ Office for Civil Rights in November as affecting nearly 9 million individuals.
Concentra, like some other affected entities, has filed its own breach report to HHS OCR, separate from the one submitted by PJ&A. PJ&A faces over 40 proposed class action lawsuits related to the hack, with claims of negligence and failure to safeguard patients’ sensitive information.
The breach prompted New York’s attorney general to issue a public warning about potential ID theft and fraud risks. Concentra urged affected individuals to remain vigilant against identity theft and review their accounts.
The incident, which occurred between March 27 and May 2, 2023, did not involve access to PJ&A’s healthcare clients’ systems and did not expose credit card information, bank details, or usernames/passwords. Personal health information, including Social Security numbers, was compromised for some individuals.
Reference:
