A number of customers of Northwell Health reported online that they received notice that there was a data breach at a transcription company that the healthcare company uses. The unknown hacker was able to access sensitive information, according to letters received by the affected users.
The company, Perry Johnson & Associates (PJ&A), issued a statement about the hack on November 1st.
“An unauthorized party gained access to the PJ&A network between March 27, 2023, and May 2, 2023, and, during that time, acquired copies of certain files from PJ&A systems,” it read.
Perry Johnson & Associates said it retained a cybersecurity vendor to assist with the investigation, contain the threat, and further secure our systems.
“This incident did not involve access to any systems or networks of PJ&A’s healthcare customers,” they said.
A representative from Northwell confirmed to LongIsland.com that PJ&A provides medical transcription services to Northwell.
The representative said that none of Northwell’s systems were impacted by this cyberattack on PJ&A but records relating to Northwell’s patients were among the files copied from PJ&A’s network.
Northwell also said that it is not aware of any evidence of subsequent misuse of the information but is offering all of its impacted patients complimentary identity theft protection services.
According to Perry Johnson & Associates, the files that were accessed contained personal health information including name, date of birth, address, medical record number, hospital account number, admission diagnosis, and date(s) and time(s) of service. They said that the information accessed did not contain credit card information, bank account information or usernames or passwords.
An online news outlet that covers cyber attacks said in an article that the breach may have impacted millions of individuals associated with the healthcare provider.
Perry Johnson & Associates is operating a dedicated call center for impacted patients to have their questions answered at (833) 200-3558.