Healthcare solutions provider NextGen Healthcare has started informing roughly one million individuals that their personal information was compromised in a data breach.
Headquartered in Atlanta, Georgia, the company makes and sells electronic health records software and provides doctors and medical professionals with practice management services.
On Friday, NextGen Healthcare informed the Maine Attorney General’s Office that it started sending notification letters to more than one million individuals, to inform them about the incident.
According to the letters, NextGen Healthcare first identified suspicious activity on its systems on March 30, 2023. The investigation launched into the matter revealed that an unauthorized party had access to those systems between March 29 and April 14, 2023.
During that time, the attackers accessed personal information such as names, addresses, birth dates, and Social Security numbers – NextGen Healthcare says it maintains such data on behalf of its customers, in support of the services it provides to them.
The company says it has no evidence that the unauthorized party had access to health or medical records and data.
NextGen Healthcare told the Maine Attorney General that the attackers accessed its database using “client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen”.
The company says it reset passwords to contain the incident and informed law enforcement of the breach, working with them throughout the investigation.
Earlier this year, NextGen was targeted by a known ransomware group, but no information appears to be available on the impact of that incident.
Related: 3.3 Million Impacted by Ransomware Attack at California Healthcare Provider
Related: Patient Information Compromised in Data Breach at San Diego Healthcare Provider
Related: Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data