The NextGen Healthcare cyber attack story continues, with the company disclosing another cyber incident in a regulatory filing. The disclosure follows the reports of a ransomware attack that occurred in January this year.
NextGen Health, the US-based business that provides electronic health records and practice management solutions to several healthcare organizations, has disclosed a data breach on April 28.
In a notice of data breach with the Attorney General of Montana, the company said it learned about a “data security incident impacting the company’s computer network resulted in confidential consumer information being made accessible to an unauthorized party”.
The hackers had access to its systems was exercised between March 29, 2023, and April 14, 2023. During the 17 days when the hackers had access to the systems of NextGen Healthcare, Inc., they are suspected to have stolen system data.
The stolen information consists of names, dates of birth, addresses, and Social Security Numbers, among other data from the NextGen Healthcare cyber attack. The website of NextGen was accessible at the time of writing.
The sequence of events post the NextGen Healthcare cyber attack
On March 30, 2023, NextGen gained cognizance of suspicious activities in its systems. Post the investigations NextGen Healthcare cyber attack was confirmed.
Once the unauthorized data access was determined, the Atlanta-based company began sending letters to affected individuals, on April 28.
On the same day, NextGen filed a notice of data breach with Montana’s Attorney General, according to a JD Supra report.
NextGen Healthcare cyber attacks, data breaches and more
The NextGen Healthcare cyber attack disclosure comes close to a ransomware attack that came to light in January 2023. A ransomware attack on NextGen was reported earlier, which was claimed by the ALPHV ransomware group.
NextGen Healthcare was targeted on January 17 and the ransomware group promptly published nine attachments allegedly from the data gathered after the NextGen Healthcare cyber attack.
The other targets posted along with the HER vendor NextGen were Fresh Del Monte and PharmaCare Services.
The vendor’s reply to the Data Breaches email asking about the NextGen Healthcare cyber attack read, “Our forensic review is ongoing and, to data, we have not uncovered any evidence of access to or exfiltration of client data.”
While the ransomware group wrote back to Data Breaches by saying, “Companies do not want these cases to be known by three people. Sorry, can’t help you. We can provide data and all information if the company does not pay us.”
Surprisingly, upon checking the leak site of BlackCat/ ALPHV, it was found that the company data or records were not to be seen on it, read the Data Breaches report.
It is not known if the ransom demands were met or what led to the erasing of a target name from the ransomware group’s leak site.
Being embroiled in about two data security incidents with ransomware groups and hackers points towards the requirement for stronger cybersecurity infrastructure and security of patient data with vendors such as NextGen.