Concentra Health Services, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Concentra Health Services, Inc., a healthcare services provider based in Addison, Texas, experienced a significant data breach due to an incident involving one of its vendors, Perry Johnson & Associates, Inc. (PJ&A). The breach was first discovered by PJ&A, a medical transcription company, which detected suspicious activity within its computer network on May 2, 2023. An investigation with the help of third-party cybersecurity specialists confirmed that an unauthorized party had accessed PJ&A’s network between March 27, 2023, and May 2, 2023. During this period, the unauthorized party accessed sensitive information of Concentra patients between April 7, 2023, and April 19, 2023[1][2].
The compromised data included names, Social Security numbers, dates of birth, addresses, medical record numbers, hospital account numbers, and medical information[1][6]. PJ&A’s investigation revealed that approximately 13,300,750 individuals were impacted by the breach[1]. PJ&A notified Concentra of the breach, and both entities began their respective investigations[1][2].
On February 4, 2024, PJ&A began sending out data breach notification letters to the affected individuals, advising them of the compromised information and the steps they could take to protect themselves from potential fraud or identity theft[1][2]. It is important to note that Concentra’s own computer network was not breached; the compromised data was stored on PJ&A’s network[1][2].
Concentra, founded in 1979, operates a network of approximately 520 urgent care clinics across 44 states and employs over 11,000 people[1]. PJ&A, headquartered in Henderson, Nevada, serves clients primarily in the medical, legal, and government sectors, with over 77 employees and approximately $16 million in annual revenue[1][2].
Individuals affected by the breach are encouraged to remain vigilant by reviewing their account statements and credit reports for unusual activity. Concentra has also provided additional information on steps individuals can take to help protect their information, including monitoring accounts and considering placing a fraud alert or credit freeze with the major credit reporting bureaus[8].
For more detailed information and updates on the breach, affected individuals can refer to the notices provided by PJ&A and Concentra, and they may also consider seeking legal advice to understand their rights and options following the data breach[1][6][8].
Citations:
- https://www.jdsupra.com/legalnews/pj-a-files-notice-of-data-breach-on-8198865/
- https://cybernewsy.com/pja-reports-data-breach-impacting-concentra-patients/?amp=1
- https://www.healthcaredive.com/news/health-organizations-dunned-almost-2m-after-data-breaches/255350/
- https://www.hipaajournal.com/pja-data-breach/
- https://www.jdsupra.com/legalnews/health-alliance-files-notice-of-third-9082568/
- https://www.jdsupra.com/legalnews/concentra-confirms-patient-information-9485882/
- https://healthitsecurity.com/news/compromised-medical-records-ransomware-attacks-trouble-healthcare
- https://www.concentra.com/about-us/notice-of-data-security-event/
- https://www.healthcaredive.com/news/tracking-healthcare-data-breaches-cybersecurity-hacking-hospitals/696184/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html
- https://www.teiss.co.uk/news/pja-data-breach-impacted-over-13-million-concentra-health-services-patients-13454
- https://www.teiss.co.uk/news/news-scroller/texas-therapy-provider-concentra-health-notifies-4-million-patients-of-data-theft-incident-13400
- https://www.upguard.com/security-report/concentra