Over 3M Patients’ Data Exposed
A massive data breach has rocked the database of Northwell Health, a healthcare provider based in the US. The Northwell Health data breach happened when cybercriminals managed to infiltrate the healthcare provider’s data through PJ&A. Perry Johnson & Associates or PJ&A is a third-party service provider that offers medical transcription services to multiple healthcare organizations including Northwell Health.
The Northwell Health data breach was earlier estimated to have impacted 3,891,565 people associated with the healthcare provider. But as the investigation unfolds, more shocking details are yet to be discovered. As of now, there are no details of the exact number of individuals impacted by this breach.
Northwell Health Data Breach: What We Know So Far
According to the release published on the website of Northwell Health and mailed to the impacted individuals, Perry Johnson & Associates notified that the patient data was accessed between April 7 and April 19.
The release states that the patient’s personal health information may have been affected due to the Northwell Health Data Breach that was discovered much later on May 2. This release also notifies that infiltrators were present in PJ&A’s systems from March 27 to May 2.
“An unauthorized party gained access to the PJ&A network between March 27, 2023, and May 2, 2023, and, during that time, acquired copies of certain files from PJ&A systems.”
The fact that is still questionable is, that what took Northwell Health and PJ&A so long to notify the impacted patients. Why a breach that happened in April and being notified towards the end of the year is a question that still stands unanswered.
However, the release says that PJ&A hired a vendor to assist with the investigation soon after discovering the incident. This means it might have taken them some time to ascertain the extent of the data exposed.
“We retained a cybersecurity vendor to assist with the investigation, contain the threat, and further secure our systems. We also directed its vendor to review the affected files and determine their precise contents.”
The data leaked from the Northwell Health breach includes the names, dates of birth, addresses, and medical health records of the patients. Experts believe that the unknown cybercriminals involved in this data theft might also try to gather more sensitive information from patients including their social security numbers.
The Northwell Health data breach is a grim reminder that there are still very real dangers faced by healthcare providers when it comes to ensuring the security of information. It shows how security risks are closely connected and can affect each other via third-party providers. Delayed communication to the affected people questions the speed of response following the security incident.
It is crucial that healthcare providers start focusing on the security of their partners as well as third-party vendors as they increasingly come to play a critical role in today’s dynamic and interconnected market.
Northwell Health data breach illustrates the significance of strong cyber security systems, vigilant supervision of external links, and active strategies for eliminating fresh hazards in the fast-growing area of computer security.
The Northwell Health data breach highlights the need for constant preparedness and increased focus on IT security awareness among health facilities. In today’s age, healthcare information becomes prone to attacks by professional, technically oriented criminals. Companies should allocate budgets to cyber-security and create effective response mechanisms and robust barriers to protect the confidence and privacy of patients’ personalities.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.