NextGen Healthcare Hit with Cyberattack Potentially Exposing Protected Health Information

This is the second attack to hit NextGen in recent months.

By HFT Staff


NextGen Healthcare has started notifying more than one million individuals across the United States about a hacking incident that exposed their protected health information. NextGen Healthcare is an Atlanta, GA-based provider of electronic health records and practice management solutions to doctors and ambulatory care providers. On March 30, 2023, suspicious activity was detected in its NextGen Office system and third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the security breach. The investigation revealed unauthorized individuals had access to the system between March 29, 2023, and April 14, 2023. 

NextGen said unauthorized individuals had access to “a limited dataset” during that period, which included protected health information such as names, addresses, dates of birth and Social Security numbers. No evidence was found to indicate the attackers accessed patient medical records or any health or medical data and there have been no reports of any actual or attempted misuse of patient data. Passwords were reset when the breach was discovered, and additional security measures have now been implemented to strengthen security. Notification letters have already started to be sent to affected individuals, who have been offered complimentary credit monitoring and identity theft protection services for 24 months. 

The data breach has yet to appear on the HHS’ Office for Civil Rights breach portal but is showing on the websites of several state Attorneys General. The breach notification issued to the Maine Attorney General indicates 1,049,375 individuals were affected in total, including 3,913 Maine residents. The breach was reported to the Texas Attorney General as involving the PHI of 131,815 Texas residents. 

This is the second cyberattack to affect NextGen Healthcare in recent months. In January 2023, NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach. 



May 19, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

3 Ways to Secure a Healthcare Facility

As workplace violence grows in healthcare, being aware of different security methods can help prevent and address dangerous situations.


Use Cases for Insulated Metal Panels in Healthcare Building Projects

Case study: The UC Medical Center selected IMPs for its ongoing revitalization project.


Memorial Healthcare System Plans Two New Freestanding Emergency Departments

Construction is expected to begin in early 2025 and complete by mid 2026.


Communication Proves to Be Essential Task During Design Phase

Projects go over more smoothly when people are transparent and communicating openly.


Northwest Healthcare Acquires Carbon Health Urgent Care Centers in Arizona

With this acquisition, Northwest Healthcare has more than 80 sites of care.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.