November 15, 2023 at 11:17AM
PJ&A, a medical transcription service provider, experienced a cyberattack in March 2023 that exposed the personal information of approximately 9 million patients. The breach included sensitive data such as full names, dates of birth, medical records, social security numbers, and more. PJ&A began notifying affected individuals on October 31, 2023. Other healthcare providers, including Cook County Health and Northwell Health, also experienced data breaches stemming from this incident. The total number of impacted individuals is now confirmed to be 8,952,212 patients. PJ&A has not yet provided further details about the attack.
According to the meeting notes, Perry Johnson & Associates (PJ&A), a medical transcription service provider, experienced a cyberattack in March 2023, resulting in the exposure of personal information of nearly nine million patients. The threat actors breached the network and had unauthorized access between March 27 and May 2, 2023. The information that was compromised includes full names, dates of birth, medical record numbers, hospital account numbers, admission diagnoses, date and time of service, Social Security numbers, insurance information, medical transcription files, medication details, and treatment facility and healthcare provider names.
PJ&A began notifying affected individuals about the data breach on October 31, 2023. It is important to note that the data exposed for each person varies based on the information they provided to healthcare services and the type of treatment they received. However, financial information or account credentials were not included in the accessed information.
The cyber incident impacted a total of 8,952,212 patients, as confirmed by PJ&A’s submission to the breach portal of the U.S. Department of Health and Human Services Office for Civil Rights. Additionally, it was mentioned that Cook County Health (CCH), Chicago’s largest healthcare provider, notified 1.2 million patients about the breach and decided to terminate its relationship with PJ&A.
Yesterday, Northwell Health, New York’s largest healthcare provider, disclosed an indirect data breach resulting from the PJ&A network compromise. The breach occurred between April 7 and April 19, and it affected more than 3.8 million individuals who received care in Northwell Health’s clinics. Furthermore, it is noted that there are an additional four million individuals whose medical data was exposed through other healthcare providers who have not yet notified their patients.
Bleeping Computer reached out to PJ&A for further details about the attack but has not received an immediate comment.