Medical Transcription Provider Hacked, Compromising Data for Nearly 9M People

Transcription Provider Hacked

Transcription is in the news — though in this case, “bad press” is worse than “no press.” Medical transcription provider Perry Johnson & Associates disclosed in a filing with the US Department of Health and Human Services a massive security breach that affected more than 8.95m individuals, TechCrunch reported November 15, 2023.

The cyberattack — which TechCrunch described as “one of the worst medical-related data breaches in recent times” — began as early as March 2023. PJ&A began notifying patients whose information was compromised on October 31, 2023.

The stolen data included patient names and dates of birth, addresses, and some social security numbers, all of which could be used in identity theft. Medical records, admission diagnoses, and dates and times of services were also among the sensitive information.

Of the nearly 9m patients whose information was breached, 3.89m were patients of the Northwell Health system. Notably, this the second breach of Northwell Health patient data in 2023, after another transcription provider, Nuance Communications, fell victim to a mass hack.  

PJ&A explained in a statement on its website that “an unauthorized party” accessed and acquired copies of certain files from March 27-May 2, 2023.

The company noted that “we have no evidence that individuals’ information has been misused for the purpose of committing fraud or identity theft,“ but established a “dedicated toll-free call center” for affected individuals to discuss concerns about the breach.

Transcription: Multifaceted and Multilingual

Outside of hacks and healthcare, transcription has been gaining attention for its role in downstream NLP tasks (e.g., speech-to-speech translation, captioning) and innovations in automated speech-to-text technology.

Dictation is a mainstay, if a bit old-school, in US healthcare. Medical professionals (typically physicians) dictate notes about patient visits into a recording device. A human transcriptionist types what they hear, converting the audio into usable text. 

Transcription has uses beyond healthcare, of course. Canadian company VIQ Solutions, for instance, got its start in legal settings and now tackles challenges such as multispeaker content.

In the language industry, automatic speech recognition (ASR) is considered a fundamental building block in the quest for speech-to-speech translation, the practical applications of which include dubbing and navigation assistance for tourists. 

OpenAI debuted its ASR system Whisper in 2022, offering multilingual transcription and into-English translation. Meta, not to be outdone, launched its own system in May 2023.

It is unclear whether PJ&A provides transcription via ASR at all. It does, however, offer Crystal, a “mobile dictation app” that the company promises “will quickly replace your old Dictaphone, telephone, and DVRs and improve the turnaround on transcription by getting dictations to our transcriptionists faster.” 

In other words, the app allows users to record their dictation and send the audio file directly to the company using their mobile phone. 

A possible future “human-in-the-loop” workflow might see the app evolve to transcribe audio immediately, and transfer the “rough draft” to a human transcriptionist (along with the source audio) for “post-editing.”

The app reportedly encrypts recordings prior to transmission in order to protect patient and client confidentiality — but as the recent data breach has shown, cybersecurity threats continue to evolve and so, too, must the technology meant to address them.