NextGen Healthcare Hit with Cyberattack Potentially Exposing Protected Health Information

This is the second attack to hit NextGen in recent months.

By HFT Staff
May 19, 2023

NextGen Healthcare has started notifying more than one million individuals across the United States about a hacking incident that exposed their protected health information. NextGen Healthcare is an Atlanta, GA-based provider of electronic health records and practice management solutions to doctors and ambulatory care providers. On March 30, 2023, suspicious activity was detected in its NextGen Office system and third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the security breach. The investigation revealed unauthorized individuals had access to the system between March 29, 2023, and April 14, 2023. 

NextGen said unauthorized individuals had access to “a limited dataset” during that period, which included protected health information such as names, addresses, dates of birth and Social Security numbers. No evidence was found to indicate the attackers accessed patient medical records or any health or medical data and there have been no reports of any actual or attempted misuse of patient data. Passwords were reset when the breach was discovered, and additional security measures have now been implemented to strengthen security. Notification letters have already started to be sent to affected individuals, who have been offered complimentary credit monitoring and identity theft protection services for 24 months. 

The data breach has yet to appear on the HHS’ Office for Civil Rights breach portal but is showing on the websites of several state Attorneys General. The breach notification issued to the Maine Attorney General indicates 1,049,375 individuals were affected in total, including 3,913 Maine residents. The breach was reported to the Texas Attorney General as involving the PHI of 131,815 Texas residents. 

This is the second cyberattack to affect NextGen Healthcare in recent months. In January 2023, NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach. 

See the latest posts on our homepage Share

Topic Area: Information Technology , Safety , Security

Recent Posts
Recent Posts

Can Adding Moisturizer to Hand Soaps Help Fight Skin Irritation from Frequent Handwashing?

Soap manufacturers join to discuss what kind of moisturizers can be included in hand soaps.


Albany ENT & Allergy Services Targeted by Two Ransomware Groups

The protected health information of over 220,000 individuals was accessed.


Novant Health Breaks Ground on Scotts Hill Medical Center Project

The new facility aims to be a one-stop healthcare destination.


Heat Pump Installation Reduces Costs, Improves Efficiencies

University Health Network’s Bickle Center finds success with heat recovery alternative.


Man Dies After Falling Out of Hospital Window

A man fell out of a hospital window after threatening hospital staff and a police officer.



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like