The well-established health record software provider NextGen Healthcare faced a breach of its data by hackers. For a company known for its safety and quality services, this news rather came as a shock. According to a data breach notification that came from the Office of the Maine Attorney General, “a total of 1,049,375 patients were affected by the attack”. Healthcare providers are always preferable targets of such hacking and crimes. The reasons are obvious. Platforms like these store the most sensitive information that is personal.
Huge Giant faced a downfall
NextGen Healthcare – a US-based healthcare software giant started its operation in 1973. The company helps healthcare institutes and hospitals in managing and storing all their health records electronically. It offers a hand of help to all hospitals in dealing with all the records and prevents their wastage of space and time. The company manages millions of records of different patients. The records are huge and a lot of hospitals and patients rely on them. From day one, the company has offered the safest platform to all its users. But even such a huge platform could not protect itself from hacking.
The hacking occurred between March and April. As per officials, the breach happened on 29th March and the company figured it out on 24th April. So for almost a month, hackers were in their system and viewed almost everything. later they were blocked by the company. In this one month, hackers were able to access and gather the personal information of almost 1 million patients.
The quick action plan adopted
NextGen immediately informed its customers by sending individual notices to those whose information was compromised. The notice included how much information was taken and the dates of the breach. The notices were brief but still explained the situation perfectly.
The company immediately hired cybersecurity experts to solve the problem and to help all the victims. They notified and informed the respective law enforcement authorities.
The platform also informed that the credentials of the clients were stolen from some other sources that are not related to NextGen. This offered hackers unauthorized access to their websites and files. This process is known as credential stuffing and this process has been widely and majorly used by hackers.
Read Here: Digital Insurance Solutions: Protection of Insurers Against Data Breaches
A sign of relief
As per the officials and the company, the records hacked exclude medical information. The records that the company contains include a patient’s personal identification details, treatment history, medical history, and financial information. However, the hacked data does not include medical information. The company specifically said, “Importantly, our investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data.”
Also, no evidence was found of misusing the hacked information. The company has provided all the victims with identity theft protection and fraud detection for the next 24 months and that too for free.
Aftermath of the breach
As mentioned above, the leaked information includes social security number, date of birth, name, and address. However, till now, there is no indication of any access to medical and health records. But even if healthcare information was not stolen, the breach may still lead to widespread identity theft because enough personal data has been accessed. Information about names and addresses can cause a lot of harm to any user or patient. The hacker can use this information of users and can open fraudulent accounts in their name and can fraud others too.
If you are one of the victims then start looking for suspicious activities on your accounts and your credit reports. If need be, invest in identity theft protection services and credit monitoring.
Measures to be adopted
These measures are well known and are discussed regularly by all platforms but still, we fail to use them in our day-to-day life:
- The companies should deploy automated and smart remediation and detection.
- A simple use of two-factor authentication can prevent the majority of hacks.
- All firms should use a basic password management policy to enhance security.
- Free fraud protection should be provided by the officials to the victims.
- If a user notices any unusual activity in their account, they should immediately reset passwords and inform respective authorities.
- Data-centric security measures should be adopted.
- All companies should keep a backup plan ready for future hacking.
- Companies should use data-centric technologies for example: format-preserving encryption and tokenization.
Also Read: LIMRA: The Ideal Life Insurance Service For You
History repeating itself
One should learn from its mistake and that is what NextGen should do. This is not the first time that the company has faced something like this. The news of hacking came in January too. The company faced the same incident On January 17, 2023. The ransomware group with the name of BlackCat listed the company on its site for dark web data leaks. As per NextGen, they found no evidence of hacking and infiltration in their system after a deep investigation.
The company contacted BlackCat and later the company’s name was removed from the list. Either the news of the breach was fake or the ransom was paid. In both cases, users suffer so the company must enhance their security for the protection of its users.
More attacks likely
This cybercrime is massive. The information leaked is huge in number and poses a threat to all victims. In 2021 alone, the healthcare sector faced breaches more than any other sector. Almost 24% of hacking was faced by the healthcare sector. It is high time for all healthcare providers to enhance their cybersecurity and become more vigilant. Personal information should be protected. The majority of such companies get hacked due to their inadequate security so the first step should be to enhance security. For those, whose information was breached, if you notice any unusual activity immediately freeze your account and cards. Go to the police and get some help.
Read More: Growing Importance of Zero-Trust Security in the Age of Data Breaches
