Thursday, March 13, 2025
Follow us On Linkedin
HomeCyber AttackNextgen Healthcare Hacked - Over 1 Million Customers' Data Exposed

Nextgen Healthcare Hacked – Over 1 Million Customers’ Data Exposed

Cyber AttackCyber Security News

Published on

By Gurubaran
Nextgen Healthcare Hacked

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

NextGen Healthcare, which has its headquarters in Atlanta, Georgia, is a company that develops and markets software for the management of electronic health data and offers practice management services to medical practitioners.

The Office of the Maine Attorney General has released a Data breach notification that mentions NextGen Healthcare, Inc. 

The notification has provided the breach information that denotes data of nearly 1 million customers has been breached by an unauthorized party in which 3913 residents belong to Maine.

Threat actors have used stolen client credentials obtained from another stolen source to gain access to the NextGen database. The data stolen by the attackers are claimed to have the “Social Security Number” of customers.

As per the notification, the breach occurred between the 29th of March, 2023, and the 14th of April, 2023. However, the breach was discovered nearly 10 days later (24th April 2023). 

This breach was submitted to the authorities through the “Sheppard Mullin Richter and Hamptom LLP” firm. According to the Office of the Maine Attorney General, NextGen offers threat protection services as part of their Individual Notification Letter.

“NextGen Healthcare is offering you 24 months of free fraud detection and identity theft protection through Experian’s® IdentityWorks℠ product.“ reads the letter released by NextGen as part of this breach.

NextGen stated that even though there is no evidence that the stolen personal information has been used for criminal activities, they are ready to offer 24 months of free identity monitoring, fraud consultation, and identity theft restoration service through Experian’s IdentityWorks Program.

Further information regarding this data breach is still unconfirmed, and the Forensic investigation is still under process.

According to reports, the ALPHV ransomware organization, also known as BlackCat, claimed responsibility for a ransomware attack against NextGen in January of this year.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

APT

Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes

In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind...
Press Release

INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats

As Artificial Intelligence (AI)-powered cyber threats surge, INE Security, a global leader in cybersecurity...
CVE/vulnerability

Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

A critical security vulnerability has been identified in Apache NiFi, a popular open-source data...
Amazon AWS

86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration

A non-password-protected database belonging to ESHYFT, a New Jersey-based HealthTech company, was recently discovered...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

APT

Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes

In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind...
CVE/vulnerability

Apache NiFi Vulnerability Exposes MongoDB Credentials to Attackers

A critical security vulnerability has been identified in Apache NiFi, a popular open-source data...
Amazon AWS

86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration

A non-password-protected database belonging to ESHYFT, a New Jersey-based HealthTech company, was recently discovered...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved