NextGen Healthcare breach compromises over 1M patients’ data

U.S. electronic health record software provider NextGen Healthcare has confirmed that its systems have been breached in late March, compromising data belonging to 1.05 million patients, TechCrunch reports. Threat actors were able to exfiltrate patients' names, birthdates, addresses, and Social Security numbers, but not their health or medical records, after infiltrating NextGen Healthcare's systems between March 29 and April 14, with the provider's cloud-based EHR solution initially compromised through stolen credentials, said NextGen Healthcare in its filing with the Maine Attorney General's Office. Individuals impacted by the incident have been notified on April 28 and have been given free identity theft and fraud detection services for two years, according to NextGen Healthcare spokesperson Tami Andrade. Such a systems breach is the second cyber incident reported by NextGen Healthcare this year following an ALPHV/BlackCat ransomware attack in January, and comes after the widespread Clop ransomware attack exploiting Fortra's GoAnywhere Managed File Transfer system, which has impacted pediatric virtual therapy provider Brightline and healthcare benefits firm NationsBenefits.