1M NextGen Patient Records Compromised in Data Breach

Company says a database was accessed by an "unknown third party" with stolen credentials.

Update, 1:29 p.m. EDT: NextGen clarified that the reported BlackCat data leak was related to a previous incident. This breach involved what the company describes as an "unknown third party."

A company spokesperson provided this statement to Dark Reading: "Security, in all its forms, is a top priority for NextGen Healthcare. When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement. The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection."

A database containing the personal information of more than 1 million people was stolen from NextGen Healthcare, Inc., a provider of cloud-based healthcare technology.

NextGen Healthcare provided a disclosure to the Maine Attorney General's office that said the breach occurred on March 29 and lasted through April 14. The compromise was discovered on April 24, the company reported.

The compromise occurred due to "unauthorized access to database stemming from use of stolen client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen," the healthcare technology provider said.

Samples of NextGen's stolen data reportedly popped up on ransomware operator BlackCat's leak site, but were later removed without explanation.

NextGen's disclosure indicated the database contained "name or other personal identifier in combination with Social Security Number."

NextGen had not responded to Dark Reading's request for comment at the time of this post.

NextGen Breach Follow-on Attacks Likely

The NextGen breach poses a major threat to its victims, according to Tom Kellermann, senior vice president of cyber strategy at Contrast Security.

"This is a massive cybercrime which will result in widespread identity theft," Kellermann said in a statement provided to Dark Reading. "Healthcare providers have long been preferred targets by cybercriminals who specialize in identity theft due to two reasons: First they have woefully inadequate cybersecurity and second, they store the most sensitive PII."

In 2021, there were more data breaches of healthcare-related organizations than any other sector, accounting for 24% of all cybersecurity incidents, according to Steve Gwizdala, vice president of healthcare at ForgeRock.

"Vigilance and new ways of enhancing cybersecurity measures will be crucial to healthcare organizations and businesses responsible for protecting the personal information of consumers stored online — across the entire supply chain," Gwizdala said in a statement.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.
