Hackers Hit Maine's NextGen Healthcare Company, Stealing Data of 1 Million Patients

American health software company NextGen Healthcare has notified Maine's attorney general's office of a data breach that affected more than a million patients.

Healthcare remains a prime target for criminals, but they don't always attack clinics and hospitals. Since many of these facilities rely on other companies to manage their patient data, those organizations are also targeted. That's precisely the case with NextGen Healthcare, which has been the focus of attacks in the past six months.

According to a TechCrunch report, NextGen Healthcare hackers managed to somehow access data on more than a million patients in a breach that occurred between March 29 and April 14. Because 4,000 of the patients were Maine residents, the company had to notify Maine's attorney general's office under that state’s law.

"Importantly, our investigation has revealed no evidence of any access or impact to any of your health or medical records or any health or medical data," the company told TechCrunch.

"When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement," company spokesperson Tami Andrade said. "The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection."

In the letter to Maine's AG office, the company said the hackers accessed names and other personal identifiers in combination with the victims' Social Security Numbers.

Unfortunately for NextGen Healthcare, this is not the only attack that has succeeded against this organization. Less than six months ago, the company was also the victim of a ransomware attack.

This situation seems rather different, as the company said the hackers gained access to their system by using client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen.

Check out Bitdefender Identity Theft protection plans (US only) to fight identity theft and stem the financial and emotional damage it inflicts. Our solution combines advanced detection technology, financial account monitoring real-time alerts, 24/7 US-based support, and identity recovery. It monitors your SSN, email address and phone numbers in places where they should not be listed (including the Dark Web) and alerts you to changes in your address, court records in your name, and payday loans taken out in your name.

Bitdefender Identity Theft Protection is available as a standalone version or bundled in our Ultimate Security plans alongside award-winning malware protection, VPN and Password Manager