Electronic medical record software provider NextGen Healthcare has confirmed that hackers breached its systems and stole the personal data of more than a million patients.
According to a data breach notification from the Maine Attorney General’s Office, a total of 1,049,375 patients were affected by the attack.
The notification specifies that the data breach occurred between March 29 and April 14, 2023, and was discovered by the company on March 24 (although a sample of a notification letter sent to affected customers on April 28 said NextGen only noticed the breach on March 30).
According to the company, the breach stemmed from unauthorized access to a database as a result of customer credentials allegedly stolen from other sources or incidents unrelated to NextGen.
“An unknown third party gained unauthorized access to a limited set of electronically stored personal information,” the letter says. “As a result of our detailed analysis of the affected information, we recently determined that some of your personal information was included in the electronic data accessed during the incident.”
Affected information includes name, date of birth, address and social security number. NextGen said there was no evidence of any access to or impact on users’ health or medical records.
Still, according to Tom Kellermann, vice president of cyber strategy at Contrast Security, the breach will likely result in widespread identity theft.
“Healthcare providers have long been the favorite targets of cybercriminals specializing in identity theft for two reasons: first, they have woefully inadequate cybersecurity, and second, they store the most sensitive PII [personally identifiable information].”
Dror Liwer, the co-founder of cybersecurity firm Coro, echoed Kellermann’s sentiment, adding that the risk of credential theft and misuse can be significantly reduced through a basic password management policy and multi-factor authentication.
“Also, implementing intelligent and automated detection and remediation would have reduced the attacker’s window of activity to a fraction of the time they were able to access patient information,” Liwer added.
The NextGen Healthcare data breach comes weeks after the US Food and Drug Administration (FDA) released new guidelines to strengthen cybersecurity levels for Internet-connected products used by hospitals and healthcare providers.
A global healthcare provider, NextGen, recently reported a data breach that affected over one million patient records. According to a detailed report filed by the company, unauthorized access to the patient records was gained through one of the company’s third-party service providers.
Sadly, this isn’t the first time a serious data breach relating to a healthcare provider has been reported in recent years. However, it’s one of the largest reported breaches and serves to underscore the importance of implementing robust security frameworks and regular employee training on data protection and privacy.
According to the NextGen report, the data breached included patients’ names, dates of birth, phone numbers, email addresses, and medical diagnoses. While more sensitive information, including financial data and Social Security numbers, was not accessed, NextGen warned that the data breach could lead to potential identity theft.
Furthermore, the company has reminded patients to remain on the lookout for signs of identity theft or suspicious activity, such as unauthorized credit card charges, and they have advised patients to immediately contact the appropriate authorities if they believe they may have been targeted.