Hardly a day goes by that another company announces a data breach. In 2023, 353 million people had their personal info stolen. One reason for this many data breaches is the rise in healthcare data breaches. Since 2020, the healthcare sector has recorded the most data breaches. Healthcare is digitizing and storing lots of sensitive data. This sensitive data is a desirable target for hackers. Attackers can re-use the stolen information. They can use it to run more attacks. These include ransomware, SPAM emails, phishing, vishing, and bogus websites.
One example of why breaches in the healthcare sector are increasing is Perry Johnson and Associates (PJ&A). PJ&A is a health care consulting and medical transcription firm. It is largest private provider of transcription services in the United States. They have offices in Troy MI at the world headquarters of Perry Johnson Inc. Perry Johnson, of Bloomfield Hills MI, heads the firm. His claim to fame is as a “quality guru.”
Politics
Johnson has a dubious political track-record. He spent more than $20 million of his own money to get elected. He ran for governor of Michigan, as a Republican in 2022. But, before the Republican primary, they removed him from the ballot. This was due to fraudulent and invalid petition signatures. Johnson later started a campaign to become the 2024 Republican candidate for president. He abandoned that effort in October 2023.
A data breach controversy has also ensnared Johnson. PJ&A suffered a data breach in March 2023. The PJ&A data breach is the second-largest healthcare data breach of 2023 and the 6th largest ever. The cyberattack exposed the medical and other personal data of at least 14 million people in the U.S. according to The HIPAA Journal, an online publication that covers the Health Insurance Portability and Accountability Act.
What Happened
PJ&A found unauthorized activity in its IT systems on May 2, 2023. It hired third-party cybersecurity experts to investigate the incident. The experts were assigned to find the attack’s nature and scope. They were to see if the attackers took sensitive data.
The investigation confirmed unauthorized network access. The unauthorized access occurred from March 27, 2023, to May 2, 2023. During this time, attackers got data from its clients. PJ&A told its clients about the cyberattack on July 21, 2023. In the following days, they confirmed unauthorized access to data.
Data compromised in data breach
Investigators completed the PJ&A data breach investigation on September 28, 2023. PJ&A said the information accessed by the unauthorized party included:
- Name,
- Address,
- Date of birth,
Medical record number,- Hospital account number,
- Admission diagnosis,
- Date/time of service,
- Social Security number,
- Insurance information,
- Medical and clinical information including:
- Laboratory and diagnostic testing results,
- Medications,
- The name of the treatment facility, and
- Healthcare provider name.
Who does the data breach impact?
Health care providers that have reported data breaches related to Perry Johnson & Associates:
Concentra (NY) 01/09/2024, almost 4 million records.- North Kansas City Hospital (MO) 01/05/2024, over 500,000 records.
- Cook County Health (IL) 1.2 million individuals.
- Northwell Health (NY) 3,891,565 individuals.
- Mercy Medical Center (IA) 97,132 patients.
rb-
In recent years, the healthcare industry has become a prime target for cyberattacks. Data breaches are a big threat to patient privacy and institutional integrity. The Perry Johnson & Associates incident shows the vulnerabilities in healthcare systems.
The repercussions of such a breach are far-reaching. This exposure could lead to identity theft and financial fraud. It affects individuals and reveals their personal and medical information.
For patients, the incident is a wake-up call. They need to guard their personal data. They must also watch their digital footprint. Consumers can take actions to protect against data misuse. These include placing a credit freeze. You can also take these additional steps:
- Place a credit freeze, which would prevent thieves from opening a new account in their name,
- Put a fraud alert on their credit report so lenders can take extra steps to verify your identity before issuing credit,
- Obtain copies of their medical records and review them for any errors,
- Contest unrecognized medical billing, and
- Inform your insurance company.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.