Medical debt collection firm says ransomware attack exposed info on 650+ healthcare orgs

A February ransomware attack on a medical debt collection company caused a widespread data breach affecting 657 healthcare organizations

In a statement issued late last week, Professional Finance Company said that during the attack the ransomware group gained access to databases that held names, addresses, accounts receivable balances, information regarding payments made to accounts, dates of birth, Social Security numbers, and health insurance data and medical treatment information.

Professional Finance Company said it notified the 657 companies in May. 

“On February 26, 2022, PFC detected and stopped a sophisticated ransomware attack, in which an unauthorized third party accessed and disabled some of PFC's computer systems. PFC immediately engaged third party forensic specialists to assist with securing the network environment and investigating the extent of any unauthorized activity,” the company said. 

“Federal law enforcement was also notified. The ongoing investigation determined that an unauthorized third party accessed files containing certain individuals' personal information during this incident.  PFC notified the respective healthcare providers on May 5, 2022. This incident only impacted data on PFC's systems.”

Professional Finance Company has access to so much personal information because of its role as a debt collection firm. Since its founding in 1904, healthcare organizations have sold medical debts to the company once they feel it is too much work to track someone down. 

Healthcare organizations provide the company with information on patients or customers who have not paid, making them an ideal target for hackers. 

AdvIntel CEO Vitali Kremez told BleepingComputer the attack was launched by the Quantum ransomware, which was recently spotlighted by researchers at Symantec for its ties to the new Bumblebee malware loader. 

The DFIR Report released a study in April on Quantum, noting that it was responsible for one of the fastest ransomware cases they have ever observed. The gang was able to encrypt and ransom a network in under four hours. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.