hackers stole the personal data of more than a million patients of medical institutions

NextGen Healthcare, one of the largest US providers of electronic health record software, has admitted that cybercriminals have infiltrated its systems and stolen the personal data of more than a million patients.

IN data breach notice filed with the Maine Attorney General’s Office, the company confirmed that hackers had accessed the personal data of 1.05 million patients. In a letter sent to the victims, NextGen Healthcare said the attackers stole the names of patients, dates of birth, addresses and social security numbers.

“Importantly, our investigation has not found any evidence of any access to or exposure to your medical records or any medical data,” the company added. The statement is really interesting!

NextGen Healthcare also said that it was alerted to suspicious activity on March 30 and later determined that hackers had access to its systems from March 29 to April 14. The company’s notice states that digital mobsters gained access to NextGen Office, a cloud-based electronic medical record solution, using client credentials that “appear to have been stolen from sources other than NextGen.”

“When we became aware of the incident, we took steps to investigate and address the consequences, including working with leading external cybersecurity experts and notifying law enforcement in a timely manner,” the company said.

“The persons affected by this incident were notified on April 28, 2023. We offered them 24 months of free fraud protection using the service Experian Identity Works»— representatives of NextGen Healthcare added.

Interestingly, NextGen was already the victim of a ransomware attack earlier this year. In January, the hacker group ALPHV/BlackCat stole a lot of confidential information from the company, including the names of employees, their addresses, phone numbers and passport scans.