Episode 150 — Nine Million Medical Records Leaked - How can victims find out what happened? episode artwork

EPISODE · Nov 30, 2023 · 12 MIN

Episode 150 — Nine Million Medical Records Leaked - How can victims find out what happened?

from Data Privacy Detective · host Joe Dehner - Global Data Privacy Lawyer

Perry Johnson & Associates (PJ&A) provides medical transcription services to healthcare organizations. Its website states that it offers “secure HIT solutions,” using “multiple U.S. based, secure data centers for documentation storage and disaster recovery.” But in November 2023, PJ&A began informing about nine million people by individually sent letters that “between March 27, 2023 and May 2, 2023, PJ&A learned that an unauthorized party gained access” to its network and “acquired copies of certain files from PJ&A systems.”A November 2023 TechRadar report summarizes the background:“A total of 8.95 million individuals are affected, with the stolen data including full names, birth dates, postal addresses, medical records, and hospital account numbers. Furthermore, the hackers took admission diagnoses, as well as dates and times of service. In some cases, the hackers also stole Social Security Numbers (SSN), insurance and clinical information from medical transcription files, and names of healthcare providers - all of which would be more than enough to stage highly convincing social engineering attacks (phishing, identity theft, etc.) and could result in many class-action lawsuits.”How did a leading MedTech company respond to this cybersecurity incident? Tune in to learn how one podcast listener was informed by letter about the wrongful release of the individual’s medical information and sought details with no success. Consider how society must prepare better to address the aftermath of data breaches and what we can do collectively and individually to protect our most sensitive information.

Perry Johnson & Associates (PJ&A) provides medical transcription services to healthcare organizations. Its website states that it offers “secure HIT solutions,” using “multiple U.S. based, secure data centers for documentation storage and disaster recovery.” But in November 2023, PJ&A began informing about nine million people by individually sent letters that “between March 27, 2023 and May 2, 2023, PJ&A learned that an unauthorized party gained access” to its network and “acquired copies of certain files from PJ&A systems.”A November 2023 TechRadar report summarizes the background:“A total of 8.95 million individuals are affected, with the stolen data including full names, birth dates, postal addresses, medical records, and hospital account numbers. Furthermore, the hackers took admission diagnoses, as well as dates and times of service. In some cases, the hackers also stole Social Security Numbers (SSN), insurance and clinical information from medical transcription files, and names of healthcare providers - all of which would be more than enough to stage highly convincing social engineering attacks (phishing, identity theft, etc.) and could result in many class-action lawsuits.”How did a leading MedTech company respond to this cybersecurity incident? Tune in to learn how one podcast listener was informed by letter about the wrongful release of the individual’s medical information and sought details with no success. Consider how society must prepare better to address the aftermath of data breaches and what we can do collectively and individually to protect our most sensitive information.

NOW PLAYING

Episode 150 — Nine Million Medical Records Leaked - How can victims find out what happened?

0:00 12:58

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Data Privacy Detective?

This episode is 12 minutes long.

When was this Data Privacy Detective episode published?

This episode was published on November 30, 2023.

What is this episode about?

Perry Johnson & Associates (PJ&A) provides medical transcription services to healthcare organizations. Its website states that it offers “secure HIT solutions,” using “multiple U.S. based, secure data centers for documentation storage and disaster...

Can I download this Data Privacy Detective episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!