May 16, 2023
Over one million patients affected
In our digital health check today, we turn to NextGen Healthcare, who recently admitted to a cyberattack that resulted in a data breach affecting over a million patients.
It seems that hackers, who never take a sick day, used stolen login credentials to get into NextGen's cloud-based electronic health record and practice management system, between late March and mid-April.
The company assures us that no medical records were exposed. However, the compromised data does include patient names, birth dates, addresses, and even Social Security numbers. As for how they figured out which data got stolen, well, it's like asking for a second opinion - we're still waiting for NextGen to provide a clear answer.
Tom Kellermann from Contrast Security went on record saying that this cyberattack could lead to widespread identity theft, calling out healthcare providers for being, in his words, "woefully inadequate" with cybersecurity. It's like leaving the medicine cabinet unlocked with a house full of curious toddlers.
Experts warn that the stolen data could be used in social engineering. It's a bit like handing over the keys to your house and hoping the burglars only take the silverware. They encourage affected users to use the free credit monitoring offer, and remind us once again about the importance of good ol' cybersecurity basics: strong password management, multi-factor authentication, and smart automated detection.