PJ&A, a US medical transcription firm, was hit a major cyberattack earlier this year, leading to the theft of highly sensitive personal and health data belonging to nearly nine million individuals. The breach, which started in March, has affected over 8.95 million people, making it one of the most significant medical-related data breaches in recent memory according to TechCrunch.
According to PJ&A’s official statement, patient notification of the data breach was made on October 31. The stolen data includes patient names, date of birth, addresses, hospital account and medical record numbers, admission diagnoses, and the dates and times of service. In addition, the compromised data contains some Social Security numbers, insurance details, and clinical information extracted from medical transcription files.
PJ&A emphasized its commitment to safeguarding information and initiated the notification process promptly after discovering the breach. The unauthorized access occurred between March 27 and May 2, during which the cyber intruder obtained copies of specific files from PJ&A’s systems.
Although the breach did not compromise the systems or networks of the company’s healthcare customers, it did include the theft of Social Security numbers, insurance particulars, and additional clinical details for some individuals. Despite this, PJ&A undertook a comprehensive review of the affected files, provided the results to impacted customers, and collaborated with them to notify individuals whose information was identified during the review.
Expressing deep regret over potential concerns stemming from the incident, PJ&A outlined its commitment to preventing future breaches. The company is reviewing its security measures, implementing additional technical safeguards, and intensifying monitoring efforts to fortify its systems. PJ&A also encourages individuals affected the breach to carefully review the notifications they receive and offers guidance on protective measures should they deem it necessary.