Perry Johnson & Associates (“PJ&A”) Data Breach Lawsuit

Legal Representation for Victims of Data Breaches in California

The Data Breach Attorneys at Potter Handy Law Firm have the knowledge and resources to thoroughly examine your case, conduct an investigation into the breach, and, when needed, fight for justice.

Potter Handy LLP is currently reviewing cases on behalf of individuals affected by the Perry Johnson & Associates (“PJ&A”) data breach. These individuals may have had their personal and confidential information illegally accessed by an unknown third party during the PJ&A data breach. Potter Handy LLP will conduct a complimentary assessment of your data breach claim in order to safeguard the rights and privacy of all those impacted by the PJ&A data breach.

We are only interested in claims that arose in California.


What Happened?

PJ&A became aware of a data security incident impacting their systems on May 2, 2023. Subsequently, PJ&A initiated an investigation and engaged a cybersecurity vendor to provide further support in connection with the investigation and to secure against potential system vulnerabilities. Through the investigation, PJ&A determined that unauthorized access to their systems occurred between March 27, 2023, and May 2, 2023.

By December 22, 2023, PJ&A had completed its investigation into the breach of personal health information for South Bend Clinic, LLC (“SBC”) customers. The investigation revealed unauthorized access to PJ&A systems between March 27, 2023, and May 2, 2023, and to personal health information, including SBC data, between April 7, 2023, and April 19, 2023. On February 5, 2024, PJ&A filed a notice of data breach and issued data breach letters to affected individuals, providing comprehensive details about the compromised information.

Earlier, on July 21, 2023, PJ&A notified Northwell that an unauthorized party had accessed and downloaded certain files from PJ&A’s systems. PJ&A had preliminarily determined that Northwell data was impacted on May 22, 2023, and, by September 28, 2023, had confirmed the scope of the Northwell data impact. PJ&A began sending notices of a data breach on October 31, 2023, to alert impacted individuals that their sensitive healthcare information had been compromised.

View an example of what the letter looks like.

The exact number of people affected by this cyber-incident remained unknown until PJ&A submitted the relevant information to the breach portal of the U.S. Department of Health and Human Services Office for Civil Rights, which now confirms the number to be 8,952,212 patients.

Previously, Cook County Health (CCH), Chicago’s largest healthcare provider, notified 1.2 million patients that their medical records had been breached in the PJ&A incident, announcing that it would terminate its relationship with the vendor as a result.

Northwell Health, New York’s largest healthcare provider, announced it suffered an indirect data breach resulting from the PJ&A network compromise. The notification states that Northwell data was stolen between April 7 and April 19.

The number of impacted individuals who received care in Northwell Health’s clinics and had their sensitive information exposed in this incident surpasses 3.8 million.

This means another four million people whose medical data was exposed through other healthcare providers have not been notified yet.

If you received notification that a data breach had exposed your personal information, you should contact our highly qualified Data Breach Lawyers. These attorneys can effectively protect your legal rights and ensure that those responsible for causing the harm are held accountable.

By selecting a qualified Data Breach Lawyer in California, you can be assured that your interests are protected thoroughly during the entire case, providing you with peace of mind.

Contact us online or call our data breach intake professionals at (415) 534-1911.


What Information Was Involved in the Perry Johnson & Associates (“PJ&A”) Data Breach?

The investigation has concluded that the incident may have led to unauthorized access to certain confidential information. The data exposed for each person varies depending on what information they provided to the healthcare services and the type of treatment they received.

The types of personal information contained in the impacted files include:

  • Full name
  • Date of birth
  • Medical record number
  • Hospital account number
  • Admission diagnosis
  • Date and time of service
  • Social Security numbers (SSNs)
  • Insurance information
  • Medical transcription files (lab and diagnostic test results)
  • Medication details
  • Treatment facility and healthcare provider names

All of the specific files that may have been accessed or removed could not be determined.


Protecting Consumers’ Privacy Rights Following the Perry Johnson & Associates (“PJ&A”) Data Breach

If you were notified that your information had been stolen as a result of the Perry Johnson & Associates (“PJ&A”) data breach, you may be entitled to compensation or other remedies.

Please call (415) 534-1911 for an appointment with Mark Potter and Jim Treglio of Potter Handy LLP in San Francisco. During this call, our intake professionals will review your claim regarding the Perry Johnson & Associates (“PJ&A”) data breach. Free Consultations 24/7. No out-of-pocket expenses.

View an example of what the letter looks like.