Ransomware Attack Leaves 1.9 Million Patient Records Exposed

Professional Finance Company reveals large-scale ransomware infection in a major cybersecurity breach.

MaryBeth Monaco-Vavrik Writer Intern

A ransomware infection has affected more than 650 health care providers and nearly 2 million patients.

A ransomware attack on debt-collections agency Professional Finance Company targeted the information of 1.9 million patients across 657 health care providers earlier this year. The attack is one of the largest US medical information breaches in 2022. 

"An unauthorized third party" could have accessed sensitive information such as names, addresses, payments made to accounts, dates of birth, Social Security numbers and health insurance and medical treatment information, the company said in its ransomware notice. The company said it has "found no evidence that personal information [had] been specifically misused."

Cyberattacks and data breaches are constant at this point, but some still stand out, like this one.

Professional Finance Company, which is based in Colorado, disclosed the security breach only recently. The attack occurred in February. The company notified impacted health care providers in May and has since begun notifying the patients. The company said it has taken measures since the attack to address affected systems through bolstered network security and policy revisions to the storage of information.

Nicholas Prola, general counsel for the company, told CNET that everyone affected is being offered "access to free credit monitoring and identity theft protection services" through identity protection company Cyberscout. Since the attack, Prola said, the "network environment has been under 24/7 monitoring by cybersecurity experts to mitigate the chance of a future incident."