NextGen Healthcare, a U.S.-based supplier of digital well being report software program, admitted that hackers breached its techniques and stole the private knowledge of greater than 1 million sufferers.
In an information breach notification filed with the Maine lawyer normal’s workplace, NextGen Healthcare confirmed that hackers accessed the private knowledge of 1.05 million sufferers, together with roughly 4,000 Maine residents. In a letter despatched to these affected, NextGen Healthcare stated that hackers stole sufferers’ names, dates of delivery, addresses and Social Safety numbers.
“Importantly, our investigation has revealed no proof of any entry or influence to any of your well being or medical data or any well being or medical knowledge,” the corporate added. It’s not but identified whether or not NextGen Healthcare has the means, equivalent to logs, to find out what knowledge was exfiltrated and firm spokesperson Tami Andrade didn’t instantly reply to TechCrunch’s questions.
In its submitting with Maine’s AG, NextGen Healthcare stated it was alerted to suspicious exercise on March 30, and later decided that hackers had entry to its techniques between March 29 and April 14, 2023. The notification says that the attackers gained entry to its NextGen Workplace system — a cloud-based EHR and follow administration answer — utilizing shopper credentials that “seem to have been stolen from different sources or incidents unrelated to NextGen”.
NextGen was additionally the sufferer of a ransomware assault in January this 12 months, in response to stories, which was claimed by the ALPHV ransomware gang, also called BlackCat. A list on ALPHV’s darkish internet leak website, seen by TechCrunch, reveals samples of the stolen knowledge, together with worker names, addresses, cellphone numbers, and passport scans.
Information of NextGen’s newest breach comes because the variety of sufferers’ impacted by the mass ransomware assault focusing on prospects who used Fortra’s GoAnywhere file-transfer software program continues to develop. Flordia-based know-how firm NationBenefits confirmed final week that greater than 3 million members had knowledge stolen within the cyberattack, whereas Brightline, a digital remedy supplier for youngsters, stated that greater than 960,000 of the corporate’s pediatric psychological well being sufferers had knowledge stolen.