Security News > 2022 > July > 1.9m patient records exposed in healthcare debt collector ransomware attack

Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection.

In a notice [PDF] posted on its website, PFC said it "Detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers [PDF].

As stated, PFC claims it found no evidence of personal information being misused and maintains that data security is one of its "Highest priorities."

"Since the incident, PFC wiped and rebuilt affected systems and has taken steps to bolster its network security," the ransomware notice said.

The company did not answer any of The Register's questions about the ransomware infection - including how much money the crooks demanded, whether PFC paid the ransom, why it took so long to notify affected medical centers and patients, and if the stolen files were encrypted prior to the attack.

The news about the PFC ransomware attack comes as the Institute for Security and Technology's Ransomware Task Force released data documenting more than 4,000 attacks last year targeting organizations across all industries in 109 countries.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/