Millions of patients have data stolen after medical transcription service hacked


Hackers have breached Perry Johnson & Associates (PJ&A) and stolen sensitive information belonging to almost nine million people.

The company confirmed the news in a filing with the US Department of Health and Human Services, where it said it was breached in March 2023, before notifying affected individuals on October 31. 

A total of 8.95 million individuals are affected, with the stolen data including full names, birth dates, postal addresses, medical records, and hospital account numbers. Furthermore, the hackers took admission diagnoses, as well as dates and times of service. In some cases, the hackers also stole Social Security Numbers (SSN), insurance and clinical information from medical transcription files, and names of healthcare providers - all of which would be more than enough to stage highly convincing social engineering attacks (phishing, identity theft, etc.) and could result in many class-action lawsuits.



Attacker identity unknown

PJ&A is a company that provides transcription services to healthcare organizations and is based in Nevada, US. 

So far we don’t know the threat actor behind the attack, and whether or not this was a ransomware attack. The company is not currently responding to any requests for comment. We do know that Northwell Health, a major healthcare system in the State of New York, is affected, with at least 3.89 million patient records belonging to that company. The second company to come forward is Cook County Health, which has had 1.2 million of its patients’ data taken.

That leaves some four million records unaccounted for, at least for now.

It’s still unknown how the hackers breached PJ&A, but given the timeline, it’s safe to assume it wasn’t via the MOVEit managed file transfer incident, which started around May. The GoAnywhere MFT incident, however, was discovered in February this year.

Via TechCrunch


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
