Data leak
Supply Chain
HIPAA Journal
Primary Source
Incident Details
Perry Johnson & Associates (PJ&A), a Nevada-based medical transcription services company, was breached between March 27 and May 2, 2023. The breach went undetected for over a month, and PJ&A did not notify downstream clients until November 2023, six months after discovery. At least 14 million total patients were affected across PJ&A clients. Concentra Health Services confirmed 3,998,163 of its patients were affected. Additional major victims included Cook County Health (~1.2 million patients) and Northwell Health (~3.9 million patients). Stolen data included names, dates of birth, addresses, medical record numbers, admission diagnoses, lab/diagnostic testing results, medications, and, for some individuals, Social Security numbers and insurance information.
Technical Details
- Initial Attack Vector: CWE-284: Improper Access Control
- Vendor / Product: Perry Johnson & Associates (PJ&A) medical transcription platform
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2023-03-27 Breach occurred
- 2023-11-01 Publicly disclosed
- 2024-02-01 Customers notified