Healthcare solutions provider NextGen Healthcare has informed approximately one million individuals that their personal information was compromised in a data breach. The Atlanta-based company provides electronic health records software and practice management services to doctors and medical professionals.
NextGen Healthcare discovered suspicious activity on its systems on March 30, 2023, and an investigation revealed that an unauthorized party had access to those systems between March 29 and April 14, 2023.
During the breach, attackers accessed personal information such as names, addresses, birth dates, and Social Security numbers, which NextGen Healthcare says it maintains on behalf of its customers in support of the services it provides. The company claims that there is no evidence the unauthorized party had access to health or medical records and data.
The attackers accessed NextGen Healthcare’s database using client credentials that appear to have been stolen from other sources or incidents unrelated to the company. NextGen Healthcare reset passwords to contain the incident and informed law enforcement of the breach. The company had earlier been targeted by a known ransomware group, but there is no information available on the impact of that incident.
NextGen Healthcare is the latest company to suffer a data breach, joining the growing list of companies that have experienced similar incidents in recent years. As cyber threats continue to grow in complexity and frequency, companies must take proactive measures to prevent such incidents and respond quickly in the event of a breach.
Businesses should also ensure that they comply with relevant data privacy laws and regulations to protect customer data from unauthorized access.
