An attack on medical transcription firm Perry Johnson & Associates (PJ&A) belatedly picked up the unwanted distinction of being 2023’s largest U.S. health sector data breach.Nevada-based PJ&A provides transcription services for medical facilities across the country, meaning it stores sensitive data on millions of Americans.The firm was breached by hackers between March 27 and May 2 last year, and the unidentified cybercriminals exfiltrated personal data from its systems from April 7 to April 9. PJ&A subsequently disclosed the breach impacted over 8.95 million individuals.A number of the firm’s clients separately reported the impact on their patients, whose data PJ&A held. Among them was Chicago-based Cook County Health (CCH) which said it stopped using the firm’s services as a result of the breach after affecting 1.2 million of its patients.New York's largest healthcare provider, Northwell Health, initially said 3.9 million of its patients were impacted, but did not refer to a specific number in subsequent statements.Another P& J client earlier this month, Concentra Health Services, notified the Department of Health and Human Services (HHS) that the breach had impacted 3,998,162 of its patients.Concentra is an occupational health care services provider operating 540 medical centers nationwide and 150 onsite clinics at employer locations.In a notice on its website, the company said patients affected by the PJ&A breach should “remain vigilant against incidents of identity theft by reviewing their account statements, credit reports, and explanations of benefits forms for unusual activity and to detect errors."
Privacy, Breach, Data Security
Hack of PJ&A tops 2023 US healthcare data breaches as tally jumps by 4M

HHS was notified that nearly 4 million Concentra Health Services patients were affected by a data breach of PJ&A. (Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



