Healthcare solution provider NextGen Healthcare, based in Atlanta, Georgia, has notified approximately one million users that their personal information may have been compromised in a recent data breach. The company primarily develops and sells electronic health record software and offers various practice management services for physicians and healthcare professionals.
According to their notification to the Maine Attorney General, NextGen Healthcare stated that they first detected suspicious activity in their system on March 30, 2023. Subsequent investigations revealed that unauthorized individuals accessed the system between March 29, 2023, and April 14, 2023. During this period, the attackers may have obtained a significant amount of personal information, including names, addresses, birth dates, and Social Security numbers, which NextGen Healthcare had stored for providing services to its customers.
However, NextGen Healthcare has declared that there is no evidence to suggest that the unauthorized party accessed health or medical records and data. The company also disclosed that the attackers appeared to have used client credentials stolen from other sources unrelated to NextGen to access their database. Currently, the company is conducting further investigations into this incident and taking necessary measures to prevent similar occurrences in the future.