NextGen Healthcare Says Hackers Accessed Personal Data of More Than 1 Million Patients

An anonymous reader quotes a report from TechCrunch: NextGen Healthcare, a U.S.-based provider of electronic health record software, admitted that hackers breached its systems and stole the personal data of more than 1 million patients. In a data breach notification filed with the Maine attorney general's office, NextGen Healthcare confirmed that hackers accessed the personal data of 1.05 million patients, including approximately 4,000 Maine residents. In a letter sent to those affected, NextGen Healthcare said that hackers stole patients' names, dates of birth, addresses and Social Security numbers. "Importantly, our investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data," the company added. TechCrunch asked NextGen Healthcare whether it has the means, such as logs, to determine what data was exfiltrated, but company spokesperson Tami Andrade declined to answer. In its filing with Maine's AG, NextGen Healthcare said it was alerted to suspicious activity on March 30, and later determined that hackers had access to its systems between March 29 and April 14, 2023. The notification says that the attackers gained access to its NextGen Office system -- a cloud-based EHR and practice management solution -- using client credentials that "appear to have been stolen from other sources or incidents unrelated to NextGen." "When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement," Andrade told TechCrunch in a statement. "The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection." NextGen was also the victim of a ransomware attack in January this year, adds TechCrunch. The stolen data, including employee names, addresses, phone numbers and passport scans, appears to be available on the dark web.

Read more of this story at Slashdot.