Perry Johnson & Associates, Inc., which does business as PJ&A
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Perry Johnson & Associates, Inc. (PJ&A), a medical transcription company headquartered in Henderson, Nevada, experienced a significant data breach that affected over 13 million individuals. The breach was first detected on May 2, 2023, when PJ&A noticed suspicious activity within its computer network. An investigation with third-party cybersecurity specialists confirmed that an unauthorized party accessed PJ&A’s network between March 2023 and May 2, 2023, specifically between April 7, 2023, and April 19, 2023, for Concentra patient information[1].
The compromised data included sensitive personal information such as names, Social Security numbers, dates of birth, addresses, medical record numbers, hospital account numbers, admission diagnoses, and dates and times of service. For some individuals, the data may have also included insurance details and clinical information from medical transcription files, such as test results and medications[1][2][3].
PJ&A began sending out data breach notification letters to affected individuals on February 4, 2024, advising them of the breach and the types of compromised information. The company operates primarily in the medical, legal, and government industries and is the largest privately held transcription company in the United States, employing more than 77 people and generating approximately $16 million in annual revenue[1].
The breach has led to several lawsuits against PJ&A and affected healthcare providers, alleging failure to implement adequate cybersecurity measures and delays in notifying affected individuals, leaving them vulnerable to identity theft and financial fraud[5]. The New York Attorney General has also warned New Yorkers about the risk of identity theft following the breach[6].
PJ&A has taken steps to enhance its security systems and prevent future incidents, including implementing additional technical security measures and deploying an endpoint detection and response system to monitor unauthorized access[11]. Affected individuals have been encouraged to remain vigilant against identity theft by reviewing account statements and credit reports for unusual activity[2].
The breach at PJ&A is considered one of the largest U.S. healthcare data breaches of 2023, with the total number of affected patients exceeding 14 million when including notifications from PJ&A’s clients[2].
Citations:
- https://www.jdsupra.com/legalnews/pj-a-files-notice-of-data-breach-on-8198865/
- https://www.scmagazine.com/news/hack-of-pja-tops-2023-us-healthcare-data-breaches-as-tally-jumps-by-4m
- https://www.jdsupra.com/legalnews/perry-johnson-associates-reports-data-9765623/
- https://www.hipaajournal.com/pja-data-breach/
- https://www.healthcaredive.com/news/bon-secours-mercy-health-percy-johnson-associates-data-breach-lawsuit/705232/
- https://www.hipaajournal.com/ny-attorney-general-warns-new-yorkers-pja-data-breach/
- https://techcrunch.com/2023/11/15/9-million-patients-had-data-stolen-after-us-medical-transcription-firm-hacked/
- https://www.pjats.com/downloads/Notice.pdf
- https://dataconomy.com/2023/11/14/unraveling-the-pja-northwell-health-data-breach-saga/
- https://thehipaaetool.com/concentra-is-the-latest-victim-of-the-pja-data-breach/
- https://oag.ca.gov/system/files/TemplateNotification.pdf
- https://www.jdsupra.com/legalnews/pj-a-announces-data-breach-affecting-5757437/
- https://potterhandy.com/perry-johnson-and-associates-data-breach-lawsuit
- https://www.turkestrauss.com/2023/10/19/perry-johnson-associates-data-breach-investigation/