A ransomware attack on a little-known debt collection firm that services hundreds of hospitals and healthcare facilities across the US could be one of the biggest personal and medical data breaches this year.
Colorado-based Professional Finance Company, known as PFC, which contracts with “thousands” of organizations to process unpaid bills and outstanding customer and patient balances, said on July 1 that it was hit by ransomware a few months earlier, in February.
PFC said in a data breach notice that over 650 healthcare providers were affected by the ransomware attack, adding that the attackers took patients’ names, addresses, their outstanding balance, and information relating to their account. PFC said that in “some cases” the attackers also took birth dates, social security numbers, and health insurance and treatment information.
In a separate filing with the U.S. Department of Health and Human Services, PFC confirmed that more than 1.91 million patients were affected by the cyberattack.
At least two healthcare organizations affected by the PFC incident have issued their own data breach notices. Bayhealth Medical Center in Delaware said 17,481 patients were affected by the PFC incident, while Coleman County Medical Center in Texas reported 1,159 affected patients.
The attack on PFC is second only to the March 2022 data breach at Shields Health Care Group, a medical imaging company with offices throughout New England, which affected nearly two million patients.
PFC CEO Michael Shoup did not respond to our email requesting information about the ransomware attack. Instead, the company’s general counsel, Nick Prola, repeated the company’s standard statement in an email but declined to answer our specific questions, including why it took the company four months to notify affected healthcare providers and whether the stolen data was encrypted.
This is not the first time that a debt collection firm has been targeted by cybercriminals, resulting in massive identity theft. At least 20 million patients had their data stolen when AMCA, a medical debt collector that contracted with the lab testing giants LabCorp and Quest Diagnostics, suffered a data breach. AMCA subsequently filed for bankruptcy following the breach.
Credit: techcrunch.com