NextGen Healthcare Hit with Cyberattack Potentially Exposing Protected Health Information

This is the second attack to hit NextGen in recent months.

By HFT Staff

NextGen Healthcare has started notifying more than one million individuals across the United States about a hacking incident that exposed their protected health information. NextGen Healthcare is an Atlanta, GA-based provider of electronic health records and practice management solutions to doctors and ambulatory care providers. On March 30, 2023, suspicious activity was detected in its NextGen Office system and third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the security breach. The investigation revealed unauthorized individuals had access to the system between March 29, 2023, and April 14, 2023. 

NextGen said unauthorized individuals had access to “a limited dataset” during that period, which included protected health information such as names, addresses, dates of birth and Social Security numbers. No evidence was found to indicate the attackers accessed patient medical records or any health or medical data and there have been no reports of any actual or attempted misuse of patient data. Passwords were reset when the breach was discovered, and additional security measures have now been implemented to strengthen security. Notification letters have already started to be sent to affected individuals, who have been offered complimentary credit monitoring and identity theft protection services for 24 months. 

The data breach has yet to appear on the HHS’ Office for Civil Rights breach portal but is showing on the websites of several state Attorneys General. The breach notification issued to the Maine Attorney General indicates 1,049,375 individuals were affected in total, including 3,913 Maine residents. The breach was reported to the Texas Attorney General as involving the PHI of 131,815 Texas residents. 

This is the second cyberattack to affect NextGen Healthcare in recent months. In January 2023, NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach. 

May 19, 2023

Topic Area: Information Technology , Safety , Security

Recent Posts

From Rocks to Sinkholes: Geological Challenges at Construction Site

Unique approaches were needed to construct Morristown-Hamblen West Facility.

When Should Healthcare Facilities Maintenance Their Doors?

Door manufacturers discuss when to maintain doors in healthcare facilities.

Geisinger Medical Center Expansion Project Announced

The $880 million project is slated to be complete and open in 2028.

Palomar Health Medical Group Experiences Data Breach

Currently, PHMG cannot determine the specific individuals and information that may have been impacted by the incident.

Workplace Violence: Report Confirms Growing Concerns 

‘One in five healthcare workers feel unsafe at work.’


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.