Malware
PJ&A Discloses Alarming Cyberattack: Confidential Data of Nearly 9 Million Patients Compromised
Discover the shocking cyberattack on PJ&A that has exposed sensitive information of 9 million patients. Learn how to protect your data now!
PJ&A Warns of Cyberattack Exposing Personal Information of Almost 9 Million Patients
PJ&A (Perry Johnson & Associates) is cautioning that a cyberattack in March 2023 has resulted in the exposure of the personal information of nearly nine million patients.
PJ&A offers medical transcription services to healthcare organizations in the United States.
The company has reported that threat actors infiltrated their network and had access between March 27 and May 2, 2023. Upon investigation, it was discovered that the following information was compromised:
- Full name
- Date of birth
- Medical record number
- Hospital account number
- Admission diagnosis
- Date and time of service
- Social Security numbers (SSNs)
- Insurance information
- Medical transcription files (lab and diagnostic test results)
- Medication details
- Treatment facility and healthcare provider names
PJ&A initiated the process of notifying affected individuals about the data breach on October 31, 2023, in order to inform them that their sensitive healthcare information had been compromised.
Source: BleepingComputer
The extent of data exposed for each individual varies based on the information they provided to the healthcare services and the type of treatment they received.
The unauthorized party did not gain access to financial information or account credentials.
The exact number of affected individuals remained undisclosed until PJ&A submitted the relevant information to the breach portal of the U.S. Department of Health and Human Services Office for Civil Rights, which has now confirmed that there were 8,952,212 patients affected.
Previously, Cook County Health (CCH), the largest healthcare provider in Chicago, informed 1.2 million patients that their medical records had been breached in the PJ&A incident and announced the termination of its relationship with the vendor as a consequence.
Recently, Northwell Health, the largest healthcare provider in New York, disclosed that it experienced an indirect data breach as a result of the PJ&A network compromise. The breach occurred between April 7 and April 19.
The number of affected individuals who received care in Northwell Health’s clinics and had their sensitive information exposed in this incident exceeds 3.8 million.
Consequently, there are still four million individuals whose medical data was compromised through other healthcare providers and have yet to be informed about the breach.
We have reached out to PJ&A for further information regarding the attack, but have not received an immediate comment.