A collection agency based in Colorado was the victim of a ransomware attack that affected more than 650 of its healthcare clients, according to published reports.
Labeling the event a “data incident”, Professional Finance Company has posted a document on its website, saying that it detected and stopped a ransomware attack on its systems back in February. An investigation “determined that an unauthorized third party accessed files containing certain individuals’ personal information” so PFC took the step of notifying its healthcare providers of the incident in May. The company also published a list of the providers that were notified.
Among the information that may have been accessed was the first and last name, address, accounts receivable balance and information regarding payments, and dates of birth and Social Security numbers in some cases. PFC said it has not found any evidence that personal information has been misused, and has set up a call center for individuals who have questions or who want to enroll in free credit monitoring or identity theft protection services.
“Data security is one of PFC’s highest priorities,” the company said in its disclosure. “Since the incident, PFC wiped and rebuilt affected systems and has taken steps to bolster its network security. PFC also reviewed and altered its policies, procedures, and network security software relating to the security of systems and servers, as well as how data is stored and managed.”
The attack is part of a trend in which cybercriminals are going after organizations that partner with healthcare providers, according to a published report.