NextGen Healthcare Hit with Cyberattack Potentially Exposing Protected Health Information

This is the second attack to hit NextGen in recent months.

By HFT Staff

NextGen Healthcare has started notifying more than one million individuals across the United States about a hacking incident that exposed their protected health information. NextGen Healthcare is an Atlanta, GA-based provider of electronic health records and practice management solutions to doctors and ambulatory care providers. On March 30, 2023, suspicious activity was detected in its NextGen Office system and third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the security breach. The investigation revealed unauthorized individuals had access to the system between March 29, 2023, and April 14, 2023. 

NextGen said unauthorized individuals had access to “a limited dataset” during that period, which included protected health information such as names, addresses, dates of birth and Social Security numbers. No evidence was found to indicate the attackers accessed patient medical records or any health or medical data and there have been no reports of any actual or attempted misuse of patient data. Passwords were reset when the breach was discovered, and additional security measures have now been implemented to strengthen security. Notification letters have already started to be sent to affected individuals, who have been offered complimentary credit monitoring and identity theft protection services for 24 months. 

The data breach has yet to appear on the HHS’ Office for Civil Rights breach portal but is showing on the websites of several state Attorneys General. The breach notification issued to the Maine Attorney General indicates 1,049,375 individuals were affected in total, including 3,913 Maine residents. The breach was reported to the Texas Attorney General as involving the PHI of 131,815 Texas residents. 

This is the second cyberattack to affect NextGen Healthcare in recent months. In January 2023, NextGen was added to the data leak site of the BlackCat ransomware group, although the listing was later taken down. The incident was investigated and a spokesman for NextGen said no patient data had been exposed or downloaded, and consequently this was not a reportable data breach. 

May 19, 2023

Topic Area: Information Technology , Safety , Security

Recent Posts

How Technology is Evolving Healthcare Design

Emerging technology is changing the way healthcare facilities are designed from the very beginning.

Cedars-Sinai Joins White House AI Consortium

Cedars-Sinai has also joined the TRAIN group, which is led by Microsoft.

Update Survey Spotlights Pay for Security Professionals 

Managers can sort the salary data based on titles, responsibility, gender, location, experience and certification.

OSF HealthCare Saint Elizabeth Medical Center – Peru Opens

The newly opened hospital is more focused on outpatient services.

Healthcare Ranks Highest for Ransomware Complaints: Report

The healthcare and public health sector filed 249 ransomware complaints to the FBI in 2023.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.