A little-known debt collection firm that serves hundreds of hospitals and medical facilities across the U.S. could be the site of one of the biggest data breaches of the year.

PFC, a Colorado-based company that contracts with thousands of organizations to process customer and patient bills and outstanding balances, disclosed on July 1 that it had been hit by a ransomware attack in February.

The attackers took patient names, addresses, outstanding balances and information relating to their accounts, according to PFC. Dates of birth, Social Security numbers, and health insurance and medical treatment information were also taken by the attackers.

PFC told the U.S. Department of Health and Human Services that 1.91 million patients were affected by the cyberattack.

Two healthcare organizations are affected by PFC. According to Bayhealth Medical Center in Delaware, 17,481 patients were affected by the PFC breach.

Two million patients were affected by the data breach at Shields Health Care Group, which was the second largest in history.

Michael Shoop did not reply to our email about the attack. Nick Prola, the company's general counsel, refused to answer our specific questions, including why it took the company four months to notify affected healthcare providers and whether the data was protected.

It is not the first time a debt collection firm has been targeted by the same group of people. At least 20 million patients had their data stolen when AMCA, a medical debt collection company, was hit by a data breach. AMCA subsequently filed for Chapter 11 protection.
