The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

657 Healthcare Providers Affected by Ransomware Attack on Professional Finance Company

Posted By on Jul 4, 2022

A major data breach has been reported by the Greeley, CO-based accounts receivable management company, Professional Finance Company Inc. (PFC) which is believed to have affected 657 of its healthcare provider clients.

According to the PFC website, the company is one of the nation’s leading debt recovery agencies, and its client list includes many healthcare providers, retailers, financial organizations, and government agencies. According to the company’s substitute breach notice, a sophisticated ransomware attack was detected and blocked on February 26, 2022; however, not in time to prevent some of its computer systems from being disabled.

Third-party forensics specialists were engaged to investigate the breach and provide assistance with securing its environment. That investigation confirmed that an unauthorized third party had access to systems that contained information about patients of its healthcare provider clients, and files containing patient data were accessed. PFC said it sent notification letters to all affected healthcare provider clients on May 5, 2022, and has since issued notification letters to all affected individuals.

The investigation uncovered no evidence of misuse of patient data, but data theft and misuse could not be ruled out. The types of information potentially accessed in the attack included names, addresses, accounts receivable balances, information regarding payments made to accounts, and, for some individuals, birth dates, Social Security numbers, health insurance information, and medical treatment information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

PFC said it is providing complimentary credit monitoring and identity theft protection services to affected individuals. In contrast to several recent data breaches at business associates of HIPAA-covered entities, PFC has published a list of the healthcare providers affected. According to AdvIntel CEO Vitali Kremez, the Quantum ransomware operation was behind the attack.

A previous data breach at a company that provided similar services – American Medical Collection Agency (AMCA) – also resulted in the exposure of data of clients. That breach was the largest to be reported in 2019 and affected 26 million individuals. At least 24 of its clients were affected.

Professional Finance Company has reported the breach to the HHS’ Office for Civil Rights as affecting 1,918,941 individuals; however, some healthcare organizations appear to be reporting the breach separately. For instance, Bayhealth Medical Center in Delaware has self-reported the breach as affecting 17,481 individuals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist