A ransomware assault on a little-known debt assortment agency that serves tons of of hospitals and medical amenities throughout the U.S. could possibly be one of many largest knowledge breaches of private and well being data this yr.
The Colorado-based Professional Finance Company, referred to as PFC, which contracts with “thousands” of organizations to course of buyer and affected person unpaid payments and excellent balances, disclosed on July 1 that it had been hit by ransomware months earlier in February.
PFC stated in its data breach notice that more than 650 healthcare providers are affected by its ransomware assault, including that the attackers took affected person names, addresses, their excellent stability and data referring to their account. PFC stated that in “some cases” dates of start, Social Security numbers and medical insurance and medical therapy data had been additionally taken by the attackers.
In a separate submitting with the U.S. Department of Health and Human Services, PFC confirmed that greater than 1.91 million sufferers are affected by the cyberattack.
At least two healthcare organizations listed as affected by PFC have issued their very own knowledge breach notifications. Bayhealth Medical Center in Delaware stated 17,481 sufferers had been affected by the PFC breach, whereas Coleman County Medical Center in Texas disclosed the breach to 1,159 sufferers.
The assault on PFC is second solely in measurement to a March 2022 data breach at Shields Health Care Group, a medical imaging firm with amenities throughout New England, affecting an estimated two million sufferers.
PFC chief govt Michael Shoop didn’t reply to our electronic mail asking for details about its ransomware assault. Instead, the corporate’s common counsel Nick Prola reiterated its boilerplate assertion in an electronic mail however declined to reply our particular questions, together with why it took the corporate 4 months to inform affected healthcare suppliers and whether or not the stolen knowledge was encrypted.
It’s not the primary time a debt assortment agency has been focused by cybercriminals and resulted in a large theft of private data. At least 20 million sufferers had knowledge stolen when AMCA, a medical debt collector contracted with laboratory testing giants LabCorp and Quest Diagnostics, was hit by an information breach. AMCA subsequently filed for chapter following the breach.
You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or firstname.lastname@example.org by electronic mail.