Connect with us

Hi, what are you looking for?


Data Breaches

1 Million Impacted by Data Breach at NextGen Healthcare

NextGen Healthcare is informing roughly 1 million individuals that their personal information was compromised in a data breach.

Healthcare solutions provider NextGen Healthcare has started informing roughly one million individuals that their personal information was compromised in a data breach.

Headquartered in Atlanta, Georgia, the company makes and sells electronic health records software and provides doctors and medical professionals with practice management services.

On Friday, NextGen Healthcare informed the Maine Attorney General’s Office that it started sending notification letters to more than one million individuals, to inform them about the incident.

According to the letters, NextGen Healthcare first identified suspicious activity on its systems on March 30, 2023. The investigation launched into the matter revealed that an unauthorized party had access to those systems between March 29 and April 14, 2023.

During that time, the attackers accessed personal information such as names, addresses, birth dates, and Social Security numbers – NextGen Healthcare says it maintains such data on behalf of its customers, in support of the services it provides to them.

The company says it has no evidence that the unauthorized party had access to health or medical records and data.

NextGen Healthcare told the Maine Attorney General that the attackers accessed its database using “client credentials that appear to have been stolen from other sources or incidents unrelated to NextGen”.

Advertisement. Scroll to continue reading.

The company says it reset passwords to contain the incident and informed law enforcement of the breach, working with them throughout the investigation.

Earlier this year, NextGen was targeted by a known ransomware group, but no information appears to be available on the impact of that incident. 

Related: 3.3 Million Impacted by Ransomware Attack at California Healthcare Provider

Related: Patient Information Compromised in Data Breach at San Diego Healthcare Provider

Related: Vulnerabilities in OpenEMR Healthcare Software Expose Patient Data

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.