A ransomware attack on debt-collections agency Professional Finance Company targeted the information of 1.9 million patients across 657 health care providers earlier this year. The attack is one of the largest US medical information breaches in 2022.
"An unauthorized third party" could have accessed sensitive information such as names, addresses, payments made to accounts, dates of birth, Social Security numbers and health insurance and medical treatment information, the company said in its ransomware notice. The company said it has "found no evidence that personal information [had] been specifically misused."
Cyberattacks and data breaches are constant at this point, but some still stand out, like this one.
Professional Finance Company, which is based in Colorado, disclosed the security breach only recently. The attack occurred in February. The company notified impacted health care providers in May and has since begun notifying the patients. The company said it has taken measures since the attack to address affected systems through bolstered network security and policy revisions to the storage of information.
Nicholas Prola, general counsel for the company, told CNET that everyone affected is being offered "access to free credit monitoring and identity theft protection services" through identity protection company Cyberscout. Since the attack, Prola said, the "network environment has been under 24/7 monitoring by cybersecurity experts to mitigate the chance of a future incident."