Perry Johnson & Associates (PJ&A), a transcription service vendor for healthcare institutions, recently revealed a breach that occurred in May, impacting multiple large organizations. Though not yet on the HHS data breach portal, both Northwell Health and Cook County Health reported being affected.
PJ&A identified the breach on May 2, where an unauthorized entity had access to their systems from March 27 to May 2. Protected health information, including sensitive data like Social Security numbers, medical records, and clinical details, may have been compromised. Cook County Health notified 1.2 million individuals, ceasing ties with PJ&A. Northwell Health also confirmed the breach but didn’t disclose the exact impact, marking the second incident for them this year after the MOVEit hack.
McLaren Health Care, a Michigan-based institution with a vast network, disclosed a breach affecting 2.2 million individuals in July. Detected in August, unauthorized access to their network potentially exposed names, Social Security numbers, health and billing information, among other data.
Postmeds, the parent company of Truepill, faced a breach impacting 2.3 million individuals in August. Information compromised included patient names, medication types, and demographics. Despite assurances and efforts to bolster security measures, a lawsuit alleges Postmeds’ negligence in implementing adequate safeguards, citing damages to an individual’s Venmo account and exposure of personal data on the dark web.