SECURITY
SECURITY
SECURITY
1M records stolen from electronic health software provider NextGen
NextGen Healthcare Inc., a provider of electronic health record software and practice management systems, has suffered a data breach that resulted in the theft of about 1 million individuals’ records.
In an April 28 breach notice to the Office of the Maine Attorney General, the company said the breach occurred between March 29 and April 14 before being discovered on April 24. The company described it as involving “unauthorized access to database stemming from use of stolen client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen.”
NextGen is describing that an attacker gained access to their systems using credentials stolen in another data breach, or in other words, one of their employees or clients was using login details on another site that they were also using on NextGen’s systems.
The information stolen included names, dates of birth, Social Security numbers and addresses. No healthcare records are believed to have been compromised. NextGen has sent notification letters to those affected by the breach, offering two years of free identity monitoring and theft protection services.
The data breach is not the first time NextGen Healthcare has been targeted by bad actors this year, with the company also being targeted in a ransomware attack in January. In that attack, the BlackCat ransomware gang obtained data from NextGen and published some of the data on its leak site in an attempt to get the company to pay a ransom.
As noted at DataBreaches at the time, the listing and sample data subsequently disappeared from BlackCat’s leak site. It’s not officially known why the data was pulled down, but data is typically pulled when a ransom is paid, though there’s no evidence the company did so.
That NextGen has been targeted again and the attack vector was a reused password are not a good look for a Nasdaq-listed company with a market cap of just over $1 billion.
“The victims in this data breach will want to keep a close eye on their personal and financial information, as even though the breach supposedly did not expose any health or medical information,” Chris Hauk, consumer privacy advocate at online privacy blog Pixel Privacy, told SiliconANGLE. “The data that was gleaned could be used to either trick the victims into providing additional information or could even be used by bad actors to extract more info about the victims from other companies.”
Image: NextGen Healthcare
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
