Image credit: Getty Images
NextGen Healthcare is a US-based provider of electronic medical record software. admitted that hackers broke into its systems and stole the personal data of more than one million patients.
In a data breach notification filed with the Maine Attorney General’s Office, NextGen Healthcare confirmed that hackers accessed the personal data of 1.05 million patients, including approximately 4,000 Maine residents. In a letter sent to those affected, NextGen Healthcare said hackers stole patient names, dates of birth, addresses and social security numbers.
“Importantly, our investigation did not reveal any evidence of access to or influence on your health or medical records or health or medical data,” the company added. When asked if Healthcare had logs or other means to determine what data had been stolen, the company’s spokesperson, Tami Andrade, declined to answer.
NextGen Healthcare was warned of suspicious activity on March 30, in documents filed with AG in Maine, after which hackers took control of the company between March 29 and April 14, 2023. It states that it has determined that it has accessed the system of The notice states that the attackers gained access to the company’s NextGen Office system — Cloud-based EHR and practice management solution — Using client credentials that “appear to have been stolen from other sources or incidents unrelated to NextGen.”
“When we learned of this incident, we worked with leading external cybersecurity experts and took steps to investigate and remediate, including notifying law enforcement,” Andrade told TechCrunch. “Individuals known to have been affected by this incident were notified on April 28, 2023 and offered 24 months of free fraud detection and identity theft protection. ”
NextGen was also the victim of a ransomware attack in January this year, according to a report claimed by the ALPHV ransomware gang, also known as BlackCat. A list of ALPHV dark web leak sites reviewed by TechCrunch shows samples of stolen data, including employee names, addresses, phone numbers, and passport scans.
News of NextGen’s latest breach continues as the number of patients affected by a massive ransomware attack targeting customers using Fortra’s GoAnywhere file transfer software continues to grow. Florida-based tech company NationBenefits confirmed last week that more than 3 million members had their data stolen in a cyberattack, and children’s virtual therapy provider Brightline said it had killed 960,000 of its pediatric mental health patients. More than one person said their data was stolen.
Updated with comments from NextGen Healthcare.