The company maintains that it was able to “detect and stop” the “sophisticated ransomware attack” on February 26, 2022, while the impacted healthcare providers were noticed in May 2022
A ransomware attack on a healthcare debt collector has potentially exposed the records of 1.9 million patients. The attack, which occurred in Colorado against Professional Finance Company (PFC), involved the installation of ransomware on the debt collector’s computer systems.
Furthermore, the ransomware encrypted the data on the systems, preventing it from being accessed. As a result of the attack, the debt collector was forced to shut down its computer systems. The company maintains that it was able to “detect and stop” the “sophisticated ransomware attack” on February 26, 2022, while the impacted healthcare providers were noticed in May 2022.
It is worth noting that this is not the first time when a US-based medical debt collector has suffered a ransomware attack. In August 2020, R1 RCM, formerly Accretive Health Inc., one of the largest medical debt collection firms in the United States, was hit by a major ransomware attack.
PFC immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity while Federal law enforcement was also notified.
Professional Finance Company (PFC)
What Data is Impacted?
According to PFC’s notice , for now, there is no evidence that the personal information has been “specifically misused” however it is quite a possibility that the attackers have access to victims’ PII data including the following:
- Full names
- Date of Birth
- Health Insurance Details
- Accounts Receivable Balance
- Medical Treatment Information
- Social Security Numbers (SSN)
- Information on Payments Made to Accounts
PFC is alerting victims of this data breach through letters. The company is also offering potentially involved individuals access to free credit monitoring and identity theft protection services.
More Ransomware Attack News
Healthcare data is a treasure trove for cybercriminals. Over the year, on numerous occasions, Hackread.com published exclusive reports on how crooks have been involved in selling healthcare and patients’ data on the dark web.
As for data stolen in PFC’s data breach, it could end up on cybercrime forums for sale or even as a free download and open door to multiple scams including identify theft on already vulnerable patients.
It is important for individuals who may have been affected to take steps to protect their information. Anyone who believes they may be at risk should monitor their credit reports and credit score, and be vigilant for any suspicious activity. Additionally, they should consider placing a fraud alert on their credit file.
In conclusion, this incident is a major concern because the number of exposed victims. It could lead to identity theft and other malicious activities. Healthcare organizations and in this case, debt collector agencies, should take steps to protect themselves from ransomware attacks, and patients should be vigilant about their personal information.
In a conversation with Hackread.com, Neil Jones, Director of Cybersecurity Evangelism at Egnyte expressed their concerns over the incident as it could end up impacting millions of unsuspecting victims.
“The recent data breach at Professional Finance Company is especially concerning because healthcare debt collection information inherently includes PII (Personally Identifiable Information) and PHI (Protected Health Information), which are treasure troves for cyber-attackers,” Jones said.
Jones emphasized that businesses and organizations must implement proper security measures to fight off ransomware attacks.
“Organisations need to combine ransomware detection solutions with effective data recovery programs. Companies need to have incident response plans in place, to effectively notify their customers, employees, business partners, and the news media of potential breaches. During these dynamic times, routine technological audits need to occur on a more frequent basis than they did before, to prevent vulnerabilities from being exploited,” Jones advised.