NextGen Healthcare, which makes and sells software for medical and other healthcare providers, is the target of a federal lawsuit charging that it was negligent in defending itself against a cyberattack that permitted hackers access to information about more than a million consumers.
The complaint, filed in U.S. District Court for the Northern District of Georgia, claims the Atlanta-based company did not follow federal and industry guidelines for protecting data.
The cyberattack exposed data of at least 1,049,375 individuals, according to the suit, filed by attorneys for Cory Benn, a New York resident.
In a statement to The Atlanta Journal-Constitution, NextGen said it was aware of the breach, took action to combat it and believes that the hacker’s access was limited.
“There was unauthorized access to a limited set of personal information, however there is no evidence of any access or impact to any patient health or medical information from this incident,” said a spokeswoman for NextGen. “The individuals known to be impacted by this incident were notified on April 28.”
Those people were offered two years of free fraud detection and identity-theft protection, she said.
Lawyers for Benn did not respond to a request for comment from the AJC on Tuesday.
However, in the complaint they ask for class status, requesting the court to include any and all people whose data was compromised.
And while the complaint does not specifically allege that the hacker accessed medical information, the filing alleges that all the data was vulnerable. The breach is costing Benn and the million-plus other individuals time, money and anxiety, the complaint said. “As a result of the data breach, (they) face a substantial risk of imminent and certainly impending harm.”
The company says it learned of “suspicious activity” on March 30 and immediately launched an investigation, working with outside cybersecurity experts.
They concluded that a hacker or hackers used digital credentials “that appear to have been stolen from sources or incidents unrelated to NextGen” to gain access to the NextGen system.
NextGen, which changed its name from Quality Systems in 2018, reported earnings of $1.62 million on $596.3 million revenue for the fiscal year ending March 31.
A year previous, NextGen reported earnings of $9.52 million on $556.8 million in revenues.
Company stock, trading under the ticker symbol NXGN, hit a year high of $20.80 a share in late November. Midday Tuesday, NextGen stock was trading at $16.59 a share.
Last month, the company said it had been named to Newsweek’s list of America’s Most Trustworthy Companies for the second consecutive year.
About the Author
