657 Healthcare Companies Impacted by Ransomware Attack on Professional Finance Company

Accounts receivable management firm Professional Finance Company Inc. (PFC) located in Greeley, CO announced a serious data breach that possibly impacted 657 of its healthcare company customers.

As per the PFC web page, the company is one of the top-rated debt recovery companies in the nation, and its list of clients comprises lots of healthcare companies, suppliers, financial institutions, and government institutions. Based on the company’s substitute breach announcement, an advanced ransomware attack had been discovered and blocked on February 26, 2022; nonetheless, not soon enough to avoid the deactivation of a few of its computer systems.

Third-party forensics experts were employed to look into the breach and give support to protecting its system. According to the investigation, an unauthorized third party acquired access to files and systems that comprised information related to patients of its healthcare organization clients. PFC claimed that it mailed breach notification letters to all affected healthcare company clients on May 5, 2022. Subsequently, all impacted persons had gotten breach notification letters.

The investigation did not find any proof of misuse of patient information, however, data theft and wrong use cannot be excluded. The types of data likely accessed during the attack consisted: names, addresses, accounts receivable amounts, details about payments made to accounts, and, for a number of individuals, Social Security numbers, dates of birth, medical insurance details, and health treatment data.

PFC mentioned it is offering free identity theft protection and credit monitoring services to affected people. PFC has posted a record of the healthcare organizations impacted, an action that is not done in many cases of data breaches that happened at business associates of HIPAA-covered entities.

The data breach is not yet published on the HHS’ Office for Civil Rights web page, hence it is not clear how many persons were affected by the ransomware attack, nevertheless with 657 healthcare companies impacted, it is probable that this is one of the major healthcare data breaches this year.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone