Security News > 2022 > July > 1.9m patient records exposed in healthcare debt collector ransomware attack
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that more than 1.9 million people's private data - including names, addresses, social security numbers and health records - was exposed during a ransomware infection.
In a notice [PDF] posted on its website, PFC said it "Detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers [PDF].
As stated, PFC claims it found no evidence of personal information being misused and maintains that data security is one of its "Highest priorities."
"Since the incident, PFC wiped and rebuilt affected systems and has taken steps to bolster its network security," the ransomware notice said.
The company did not answer any of The Register's questions about the ransomware infection - including how much money the crooks demanded, whether PFC paid the ransom, why it took so long to notify affected medical centers and patients, and if the stolen files were encrypted prior to the attack.
The news about the PFC ransomware attack comes as the Institute for Security and Technology's Ransomware Task Force released data documenting more than 4,000 attacks last year targeting organizations across all industries in 109 countries.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/
Related news
- Mega US healthcare payments network restores system 9 months after ransomware attack (source)
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)