An unauthorized intrusion into the computer network of Perry Johnson & Associates (PJ&A), a medical transcription services provider, has exposed sensitive information on up to 3.9 million patients associated with Northwell Health, Long Island’s largest healthcare system. The breach potentially compromised medical records, lab results, and insurance details.hea
While Northwell’s systems were not directly affected, patient records were among those copied during the cyberattack on PJ&A’s network. The breach, occurring between March 27 and May 2, 2023, accessed information such as patients’ names, Social Security numbers, dates of birth, addresses, and medical records.
Perry Johnson & Associates reported the data breach to the California attorney general’s office, stating that an unauthorized party gained access to its network during the mentioned period. The compromised information includes not only personal details but also extensive medical data, such as laboratory and diagnostic testing results, medications, treatment facility names, and healthcare providers’ information.
The company engaged a cybersecurity vendor to investigate and address the threat, eventually containing it and enhancing system security. Following the investigation, PJ&A initiated the notification process, informing affected individuals through data breach notification letters.
Northwell Health, although unaffected directly, has acknowledged that records related to its patients were copied during the PJ&A breach. The healthcare system, serving as a precautionary measure, is providing free identity theft protection services to all affected patients.
Despite inquiries about the continued use of PJ&A’s services, Northwell did not provide a response. The breach highlights the ongoing challenges healthcare organizations face in safeguarding patient data and underscores the need for robust cybersecurity measures across the entire healthcare ecosystem.