Concentra Health Services, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Concentra Health Services, Inc., a healthcare services provider based in Addison, Texas, experienced a significant data breach due to an incident involving one of its vendors, Perry Johnson & Associates, Inc. (PJ&A). The breach was first discovered by PJ&A, a medical transcription company, which detected suspicious activity within its computer network on May 2, 2023. An investigation with the help of third-party cybersecurity specialists confirmed that an unauthorized party had accessed PJ&A’s network between March 27, 2023, and May 2, 2023. During this period, the unauthorized party accessed sensitive information of Concentra patients between April 7, 2023, and April 19, 2023[1][2].

The compromised data included names, Social Security numbers, dates of birth, addresses, medical record numbers, hospital account numbers, and medical information[1][6]. PJ&A’s investigation revealed that approximately 13,300,750 individuals were impacted by the breach[1]. PJ&A notified Concentra of the breach, and both entities began their respective investigations[1][2].

On February 4, 2024, PJ&A began sending out data breach notification letters to the affected individuals, advising them of the compromised information and the steps they could take to protect themselves from potential fraud or identity theft[1][2]. It is important to note that Concentra’s own computer network was not breached; the compromised data was stored on PJ&A’s network[1][2].

Concentra, founded in 1979, operates a network of approximately 520 urgent care clinics across 44 states and employs over 11,000 people[1]. PJ&A, headquartered in Henderson, Nevada, serves clients primarily in the medical, legal, and government sectors, with over 77 employees and approximately $16 million in annual revenue[1][2].

Individuals affected by the breach are encouraged to remain vigilant by reviewing their account statements and credit reports for unusual activity. Concentra has also provided additional information on steps individuals can take to help protect their information, including monitoring accounts and considering placing a fraud alert or credit freeze with the major credit reporting bureaus[8].

For more detailed information and updates on the breach, affected individuals can refer to the notices provided by PJ&A and Concentra, and they may also consider seeking legal advice to understand their rights and options following the data breach[1][6][8].

Citations:

  1. https://www.jdsupra.com/legalnews/pj-a-files-notice-of-data-breach-on-8198865/
  2. https://cybernewsy.com/pja-reports-data-breach-impacting-concentra-patients/?amp=1
  3. https://www.healthcaredive.com/news/health-organizations-dunned-almost-2m-after-data-breaches/255350/
  4. https://www.hipaajournal.com/pja-data-breach/
  5. https://www.jdsupra.com/legalnews/health-alliance-files-notice-of-third-9082568/
  6. https://www.jdsupra.com/legalnews/concentra-confirms-patient-information-9485882/
  7. https://healthitsecurity.com/news/compromised-medical-records-ransomware-attacks-trouble-healthcare
  8. https://www.concentra.com/about-us/notice-of-data-security-event/
  9. https://www.healthcaredive.com/news/tracking-healthcare-data-breaches-cybersecurity-hacking-hospitals/696184/
  10. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  11. https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/index.html
  12. https://www.teiss.co.uk/news/pja-data-breach-impacted-over-13-million-concentra-health-services-patients-13454
  13. https://www.teiss.co.uk/news/news-scroller/texas-therapy-provider-concentra-health-notifies-4-million-patients-of-data-theft-incident-13400
  14. https://www.upguard.com/security-report/concentra
Breach Submission Date Jan 09, 2024
Converted Entity Name Concentra Health Services, Inc.
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 3,998,162
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes