The U.S. Department of Health and Human Services Office for Civil Rights has reported a massive data breach involving Perry Johnson & Associates (PJ&A).
The cyberattack on Perry Johnson & Associates (PJ&A), which occurred in March 2023, has compromised the private information of approximately 9 million patients, marking one of the most significant breaches in the healthcare sector to date.
PJ&A has reported that their network was compromised by threat actors during a window between March 27 and May 2, 2023, during which unauthorized access was gained.
The information accessed by the threat actors included patients’ names, dates of birth, medical records such as a patient’s account number and admission details. Some other exposed details include service details, SSN, insurance information, medical transcription files, and medication details.
PJ&A, a contractor serving various health centers and hospitals across the United States, specializes in providing medical transcription services to these healthcare institutions. The cyberattack on Perry Johnson and Associates (PJ&A) raises serious concerns about the security measures in place to protect sensitive health data and the potential implications for affected individuals.
Cyberattack on Perry Johnson & Associates
PJ&A commenced notifying the impacted patients of their personal health record compromise on October 31, 2023. Each person’s data exposure differs based on the information they disclosed to the healthcare services and the nature of their treatment. Financial information or account credentials are not among the data that the unauthorized party was able to access.
The exact number of individuals impacted by the cyberattack on Perry Johnson and Associates was not known until PJ&A provided relevant information to the Office for Civil Rights of the U.S. Department of Health and Human Services breach portal, which now verifies the figure as 8,952,212 patients.
Prior to this, Cook County Health (CCH), the biggest healthcare provider in Chicago, informed 1.2 million patients of the breach of their medical records in the PJ&A incident and declared that it would be ending its association with the vendor.
The biggest healthcare provider in New York, Northwell Health, had earlier revealed that the cyberattack on Perry Johnson and Associates had resulted in an indirect data breach. According to the letter, between April 7 and April 19, Northwell Health’s patient data was stolen.
There are more than 3.8 million affected patients who were treated in Northwell Health clinics and whose private information was compromised in this breach.
This indicates that four million more people have not yet received notification that their medical information was compromised by the cyberattack on Perry Johnson and Associates.
The cyberattack on Perry Johnson & Associates serves as a stern reminder that the guardians of our most sensitive information must remain steadfast in their commitment to fortify the digital bastions that safeguard our well-being.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
