DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Federal criminal investigation involving Perry Johnson & Associates data breach

Posted on June 10, 2024 by Dissent

The Perry Johnson & Associates (PJ&A) data breach was the biggest reported breach involving protected health information in 2023, with more than 13 million patients affected1. Now WBEZ in Chicago reports that there is a federal criminal investigation related to the breach at the medical transcription service.

Federal authorities are conducting a criminal investigation into a massive data breach that potentially affected as many as 1.2 million patients at Cook County’s public health system and a total of 14 million people across the country, according to records obtained by WBEZ.

In a grand jury subpoena sent to Cook County Health in November, investigators asked the agency to turn over “any and all information related to the data security incident” involving Perry Johnson & Associates, a Nevada-based medical transcription company also known as PJ&A.

The subpoena shows Acting U.S. Attorney Morris Pasqual and a prosecutor in the U.S. Justice Department’s Fraud Section asked officials to provide PJ&A’s contract with Cook County, records relating to “due diligence by Cook County of PJ&A” and all communications the county had with the company regarding the data leak.

Read more at WBEZ.

According to records obtained by WBEZ, the subpoena was sent to Cook County Health 10 days after officials first disclosed the breach to the public. But why was the US Department of Justice’s Fraud Section leaping into subpoena action so quickly with a criminal investigation? Was there any reason to suspect fraud, or is this fairly routine?

DataBreaches emailed the US DOJ to ask whether, in general, the DOJ’s Fraud Section issues subpoenas for a criminal investigation soon after a breach is announced or if that is not the usual pattern. Unfortunately, they did not reply, leaving us still puzzled as to why the federal government began a criminal investigation so quickly. Was the target PJ&A, or was it the threat actors, or was something else going on?

If any lawyers can share their professional experience and insight about this, please email this site at tips[at]databreaches[.]net.

—————
1 The incident was reported to HHS in November 2023 as affecting 8,952,212. In February 2024, PJ&A reported the total number affected to Maine as 13,300,750.

Category: HackHealth DataOf NoteSubcontractorU.S.

Post navigation

← Developing: BreachForums down, ShinyHunters’ and forum Telegram channels deleted?
Special Health Resources’ “technical difficulties” are due to a ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.