A ransomware attack in February against a medical debt collection company caused a widespread data breach affecting 657 healthcare organizations.
In a statement late last week, Professional Finance Company said that during the attack, the ransomware group gained access to databases containing names, addresses, accounts receivable balances, information regarding payments made to accounts, dates of birth, Social Security numbers, health information, insurance data and medical treatment information.
Professional Finance Company said it notified all 657 companies in May.
“On February 26, 2022, PFC detected and stopped a sophisticated ransomware attack, in which an unauthorized third party accessed and disabled some of PFC’s computer systems. PFC immediately engaged third-party forensic specialists to help secure the network environment and investigate the extent of any unauthorized activity,” the company said.
“Federal law enforcement has also been notified. The ongoing investigation has determined that an unauthorized third party accessed files containing the personal information of certain individuals during this incident. PFC notified the respective healthcare providers on May 5, 2022. This incident only impacted data in PFC’s systems.”
Professional Finance Company has access to so much personal information because of its role as a debt collection company. Since the company's founding in 1904, healthcare organizations have sold it medical debt once they felt it was too difficult to track someone down.
Healthcare organizations provide the company with information about patients or customers who have not paid, making it an ideal target for hackers.
AdvIntel CEO Vitali Kremez told BleepingComputer that the attack was launched by Quantum ransomware, which was recently brought to light by researchers at Symantec for its links to the new Bumblebee malware loader.
The DFIR Report published a study on Quantum in April, noting that it was responsible for one of the fastest ransomware cases they had ever observed. The gang was able to encrypt and ransom a network in less than four hours.