Huge healthcare data breach leaks full names, SSNs and more of 9 million patients — what to do now

An open lock depicting a data breach
(Image credit: Shutterstock)

Even if you’re extremely careful and use strong, complex passwords for each of your accounts, your personal information can still be exposed online as the result of a data breach

As reported by BleepingComputer, the medical transcription company Perry Johnson & Associates (PJ&A) has disclosed that it fell victim to a cyberattack back in March of this year. This led to the personal info of almost 9 million patients ending up in the hands of hackers.

According to PJ&A, hackers managed to breach the company’s network at the end of March and had access to its systems until the beginning of May. During this time, the hackers responsible were able to obtain the full names, dates of birth, medical record numbers, hospital account numbers, Social Security numbers (SSNs), insurance information, medical transcription files and more from approximately 9,952,212 patients.

With all of this information, the hackers behind this cyberattack could easily commit fraud or blackmail, though they could also try and steal your identity. While details regarding which healthcare providers and their customers are affected are still somewhat scarce, we’ll update this story as we learn more.

Data breach notices are being sent out now

Since PJ&A is a medical transcription company, the data exposed for each person will be different depending on what information they provided to their healthcare provider and the type of treatment they received.

Fortunately, no financial information or account credentials were accessed by the hackers behind this cyberattack. Still, having your SSN and other sensitive data exposed just by going to the doctor isn’t the kind of thing people who are sick or dealing with long-term health problems want to hear.

At the moment, two healthcare providers that we know of have begun sending out data breach notifications to affected patients. They include Chicago’s largest healthcare provider, Cook County Health (CCH) which notified 1.2 million patients that their medical records were exposed, as well as New York’s largest healthcare provider, Northwell Health, which announced in a press release that it suffered an indirect data breach as a result of the incident. 

As such, there are another four million people whose medical data was exposed in the cyberattack on PJ&A who haven’t been notified yet. If your personal info was obtained by hackers though, you’ll likely receive either an email or a letter in the mail letting you know.

What to do if your personal info is exposed in a data breach

Hacker using a stolen social security card

(Image credit: Blazej Lyjak/Shutterstock)

If your personal information was exposed online as a result of the cyberattack against PJ&A, you’ll likely be hearing from your healthcare provider very soon. For this reason, you’re going to want to diligently check your mailbox and inbox for a data breach notice.

A lot of times, when something like this happens, companies will provide you with free access to one of the best identity theft protection services for a year. Since these services are normally quite expensive, this is an offer you want to take them up on, especially as they can help you recover from fraud and get your identity back if it’s stolen.

Besides signing up for any offers from your healthcare provider, you also want to keep a close eye on your bank statements for any signs of fraud. This means looking for large transactions you don’t remember making as well as seeing if your name has been used to take out a loan or to sign up for a credit card.

We’ll likely hear more from individual healthcare providers and from PJ&A themselves, so check back as we will update this story as we find out more.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
An open lock depicting a data breach
Massive healthcare data breach just exposed the personal info of 1 million Americans — what to do now
An open lock depicting a data breach
3.5 million hit in major law firm data breach — full names, SSNs, dates of birth, addresses and more exposed
A laptop keyboard showing a warning sign
Data breach at Texas Tech University leaks personal data of 1.4 million patients
An open lock depicting a data breach
Nearly 6 million people exposed by massive healthcare breach — including credit cards, SSNs and more
A picture showing different credit cards stacked on top of each other on a table
5 million Americans just had their credit card details leaked online — what to do now
Globe Life insurance company logo on a cell phone in front of a monitor display the About page for the company. Shadowy hand holds the phone.
850,000 people exposed in massive insurance data breach — full names, dates of birth and SSNs
Latest in Online Security
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
Victims of Identity Theft
FTC says Americans lost $12 billion to scams last year and these were the worst ones — here's how to stay safe
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Monday, March 17 (#645)
iPhone 17 Air render
New leaked iPhone 17 dummy units show off super-thin iPhone 17 Air with this surprising design tweak
Simone Ashley and Hero Fiennes Tiffin in "Picture This" now streaming on Prime Video
Prime Video top 10 has 3 must-watch movies — including a bubbly romcom starring 'Bridgerton's' Simone Ashley
(L-R) Josh Hartnett as Cooper and Ariel Donoghue as Riley in "Trap"
Netflix top 10 movies — here’s the 3 worth watching right now
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #379 (Monday, March 17 2025)
iOS 19 logo on an iPhone
Apple WWDC 2025: iOS 19 and everything we know so far