Security News > 2022 > July > 1.9m patient records exposed in healthcare debt collector ransomware attack
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection.
In a notice [PDF] posted on its website, PFC said it "Detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers [PDF].
As stated, PFC claims it found no evidence of personal information being misused and maintains that data security is one of its "Highest priorities."
"Since the incident, PFC wiped and rebuilt affected systems and has taken steps to bolster its network security," the ransomware notice said.
The company did not answer any of The Register's questions about the ransomware infection - including how much money the crooks demanded, whether PFC paid the ransom, why it took so long to notify affected medical centers and patients, and if the stolen files were encrypted prior to the attack.
The news about the PFC ransomware attack comes as the Institute for Security and Technology's Ransomware Task Force released data documenting more than 4,000 attacks last year targeting organizations across all industries in 109 countries.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/
Related news
- Surge in Magniber ransomware attacks impact home users worldwide (source)
- Keytronic reports losses of over $17 million after ransomware attack (source)
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack (source)
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Most ransomware attacks occur between 1 a.m. and 5 a.m. (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)