In its filing with Maine’s AG, NextGen Healthcare said it was alerted to suspicious activity on March 30, and later determined that hackers had access to its systems between March 29 and April 14, 2023. The notification says that the attackers gained access to its NextGen Office system — a cloud-based EHR and practice management solution — using client credentials that “appear to have been stolen from other sources or incidents unrelated to NextGen.” “When we learned of the incident, we took steps to investigate and remediate, including working together with leading outside cybersecurity experts and notifying law enforcement,” Andrade told TechCrunch in a statement. “The individuals known to be impacted by this incident were notified on April 28, 2023, and we have offered them 24 months of free fraud detection and identity theft protection.” NextGen was also the victim of a ransomware attack in January this year, adds TechCrunch. The stolen data, including employee names, addresses, phone numbers and passport scans, appears to be available on the dark web.
Read more of this story at Slashdot.