Consumer Alert:
Attorney General James Warns New Yorkers Impacted by Medical Company’s Data Breach of Potential Identity Theft

NEW YORK – New York Attorney General Letitia James today warned New Yorkers impacted by a data breach at a medical transcription company, Perry Johnson & Associates, to take action to prevent potential identity theft. The company experienced a data breach affecting nearly nine million patients, including approximately four million New Yorkers in New York City and Syracuse. Northwell Health and Crouse Health have been affected by this data breach, and most individuals whose data was impacted have been notified. Attorney General James advises affected New Yorkers to protect themselves and their information from theft and impersonation. 

Perry Johnson & Associates is a Nevada-based company that provides transcription services to health care organizations and physicians for dictating and transcribing patient notes. In May 2023, Perry Johnson & Associates became aware of a breach affecting their systems. The medical transcription company said the data impacted includes some social security numbers and insurance and clinical information from medical transcription files. 

“I urge all New Yorkers affected by this data breach to stay alert and take these important steps to protect themselves,” said Attorney General James. “Bad actors can use the stolen information to impersonate individuals or cause financial harm. Identity theft is a serious issue, and my office will continue to take action to keep New Yorkers safe.” 

Attorney General James urges anyone who believes they were impacted by this to take the following steps to protect themselves: 

• Monitor your credit. Credit monitoring services track your credit report and alert you whenever a change is made, such as a new account or a large purchase. Most services will notify you within 24 hours of any change to your credit report.     
• Consider placing a free credit freeze on your credit report. Identity thieves will not be able to open a new credit account in your name while the freeze is in place. You can place a credit freeze by contacting each of the three major credit bureaus: 
  • Equifax | https://www.equifax.com/personal/credit-report-services/credit-freeze +1 (888) 766-0008 
  • Experian | https://www.experian.com/freeze/center.html +1 (888) 397-3742 
  • TransUnion | https://www.transunion.com/credit-freeze +1 (800) 680-7289   
• Place a fraud alert on your credit report. A fraud alert tells lenders and creditors to take extra steps to verify your identity before issuing credit. You can place a fraud alert by contacting any one of the three major credit bureaus.   
• Obtain copies of your medical records. Contact your doctors, clinics, health care providers, pharmacy, and insurance company to get copies of your medical records. Review the records for anything you do not recognize. After a review of your medical records, report any errors and ask for corrections from your health care providers.
• Contest unrecognized medical billing: Wrongdoers may receive medical services in your name where you receive the bill. You should contest anything you do not recognize. 
• Inform your insurance company. Tell your insurance provider of any suspected fraud and find out if they have specific protocols for these situations. If the attack is related to Medicare, contact the U.S. Department of Health and Human Services Office of Inspector General online or at 800-447-8477. 

If you fall victim to medical identity theft, you should consider filing a report with the FTC online or at 877-438-4338.