At least 4 million New Yorkers impacted by medical company's data breach: What to know

Young man using the internet on his computer at his desk.

At least four million New York residents may have been impacted by a medical company's data breach that could potentially lead to identity theft, the state attorney general said.

In all, the data breach at medical transcription company Perry Johnson & Associates affects nearly nine million patients, almost half of which were in NYC and Syracuse.

Northwell Health and Crouse Health were two healthcare providers impacted by the breach, according to New York Attorney General Letitia James. Most of those whom had data compromised or impacted had been notified by Tuesday morning, said James.

The attorney general urged those who had been notified to be on alert and to take necessary action to prevent identity theft.

Perry Johnson & Associates, which offers transcription services to health care groups and doctors for dictating and transcribing patient notes, became aware of the breach in May, according to James. The company said some of the information in the breach includes social security numbers, as well as insurance and clinical information from medical files.

“I urge all New Yorkers affected by this data breach to stay alert and take these important steps to protect themselves,” said James. “Bad actors can use the stolen information to impersonate individuals or cause financial harm. Identity theft is a serious issue, and my office will continue to take action to keep New Yorkers safe.”

James' office offered a list of things people can do to protect themselves if they were impacted, including: monitoring credit; placing a fraud alert on credit report; obtaining copies of medical records; contesting unrecognized medical bills; and informing insurance companies.

Anyone who falls victim to medical identity theft should consider filing a report with the FTC online or at 877-438-4338. 

Contact Us