aleksandar nakovski - stock.adob
PJ&A Data Breach Fallout Continues, 4M Additional Individuals Impacted
Concentra Health Services reported a nearly 4 million-record data breach to HHS stemming from a previously disclosed data breach at Perry Johnson & Associates, a medical transcription company.
Concentra Health Services filed a data breach report with HHS in January tied to a previously reported breach at Perry Johnson & Associates (PJ&A), a medical transcription company. Concentra’s breach report added nearly 4 million individuals to the breach tally, which already sat at nearly 9 million.
As previously reported, PJ&A discovered a data security incident on May 2, 2023 and later determined that an unauthorized third party had gained access to its systems between March 27 and May 2.
The unauthorized party potentially obtained protected health information, including names, dates of birth, medical record numbers, hospital account numbers, admission diagnoses, addresses, and dates of service. The breach also included Social Security numbers, insurance information, and clinical information from medical transcription files, such as medication information and test results.
Concentra, a leading occupational medicine provider that operates 540 medical centers and 140 onsite clinics at employer locations, said that it was notified of the breach on November 10. Concentra directed impacted individuals to PJ&A’s website for additional information about the breach and steps that impacted individuals can take to protect their information.
The PJ&A breach already constituted one of the largest breaches reported to HHS in 2023 and impacted multiple providers. Following PJ&A’s disclosure, Chicago, Illinois-based Cook County Health notified 1.2 million individuals that they may have been impacted by the breach. Upon learning of the incident, CCH said it terminated its relationship with PJ&A and stopped sharing data with the vendor.
In addition, Northwell Health, New York’s largest healthcare provider, notified patients of the breach, though it did not disclose the exact number of individuals impacted. The incident later caught the attention of New York Attorney General Letitia James, who issued a consumer alert to warn New Yorkers about the potential impacts of the breach and encourage them to take steps to prevent identity theft.
PJ&A has not released a list of clients that were impacted by the breach.