NextGen data breach leaves a million at risk

Published: 8 May 2023
Last updated: 8 May 2023
Nextgen Healthcare breach
Image by Cybernews.

The headcount of potential victims among healthcare provider NextGen’s customers could stand north of one million, scattered across US states.

NextGen recently notified its customers there had been “a security incident involving certain of your personal information” – names, dates of birth, addresses, and Social Security numbers.

ADVERTISEMENT

Around the same time, the office of Maine, which enforces strict data breach reporting requirements, disclosed the existence of the letter, adding that the total number of victims, including residents of that state, was 1,049,375.

On May 5th, the Office of the Attorney General in Texas, which has similar disclosure policies to Maine regarding cyberattacks, reported the same attack – 131,815 residents of Texas were said to have been affected.

Montana also reported being notified of the attack, which it said had affected 3,343 residents there.

In its client disclosure letter, sent via hard copy in the US mail to victims on April 28th, NextGen said it had discovered a breach of its systems between March 29th and April 13th.

“Based on our in-depth investigation to date, supported by our external experts, it appears that an unknown third-party gained unauthorized access to a limited set of electronically stored personal information,” it said.

But it insisted that no data directly pertaining to healthcare or medical records had been accessed during the attack.

“Our investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data,” said NextGen. “Furthermore, there is no evidence to suggest there has been any fraudulent use of the personal information accessed.”

NextGen provides IT services to healthcare providers across the US, with more than a thousand companies using its services, according to B2B and software firm 6sense.

It has offered victims two years of free identity monitoring and theft protection services “as a precautionary measure.”

ADVERTISEMENT

More from Cybernews:

Eurovision 2023: a golden mine for cybercriminals

Privacy alert: US airport gets self-serve biometric screeners

No jail for Uber security chief convicted in 2016 hack

Pro-Russian group knocks out French Senate’s website

ADVERTISEMENT

Subscribe to our newsletter

Share
Post
Share
Share
Share
More from Cybernews
US regulator reviews school internet funding over children's screen time
Bernard Meyer: “Trust me, not everyone will make it through the AI transition”
Experts say EU remains years away from technological independence despite sovereignty plans
Pentesters turn up the heat on Shelly as Bluetooth thermostat flaw leaves smart homes exposed
Researcher easily finds five OpenClaw zero-days just as Microsoft expands its use of platform
Passwords and locations at risk in alleged Grindr data leak
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked