1.9m patient records exposed in healthcare debt collector ransomware attack

Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data – including names, addresses, social security numbers, and health records – for more than 1.9 million people was exposed during a ransomware infection.

In a notice posted on its website, PFC said it "detected and stopped a sophisticated ransomware attack" on February 26 this year, during which criminals accessed files containing data from more than 650 healthcare providers. The company said it notified the affected medical centers around May 5, and is mailing letters to individuals whose data may have been stolen during the intrusion.

According to the US Department of Health and Human Services, more than 1.9 million individuals were affected in the security breach, which could make it one of — if not the — biggest American medical info data breaches of the year.

For comparison: in a 2019 breach of American Medical Collection Agency, which provided similar debt collection services to PFC, crooks stole more than 20 million patient records including several hundred thousand payment card details. Shortly after, the agency declared bankruptcy.

https://www.theregister.com/2022/07/13/19m_patients_medical_data_exposed/

A thing made possible by the World's Greatest Healthcare System.