Colorado-based debt collection company, Professional Finance Company (PFC), recently fell victim to a ransomware attack that exposed the healthcare data of over 1.9 million US citizens.
The agency, which handles data from 650 healthcare providers across the country, disclosed that it had been struck by the cyberattack in February of this year.
Unfortunately, this isn't the first breach of its kind. Ransomware attacks on healthcare services — especially medical debt collectors — are growing year on year, highlighting the need for adequate cyber security investment.
More than 1.9 Million Patients Affected by Recent Cyberattack
In July, the healthcare debt collection agency PFC announced that it was exposed to a ransomware breach on the 26th of February.
The company, whose clients include hundreds of US hospitals, medical clinics, and dental groups, disclosed that the private data of more than 1.9 million patients was compromised in the attack.
Among the stolen information were the full names, dates of birth, addresses, social security numbers, and health records of US patients. According to the US Department of Health and Human Services, this makes it one of the largest American medical data breaches of the year.
In a PDF the company recently posted on its website, it explained that it had “detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems” and that it “found no evidence that personal information has been specifically misused”.
It also listed the 657 healthcare providers that were affected in a separate PDF.
Since the attack took place, PFC has also claimed to have taken steps to “bolster its network security” by wiping and rebuilding the affected systems. But with the agency refusing to say whether the stolen information was encrypted, these efforts might have come a little too late.
Cyberattacks on Healthcare Companies are Nothing New
This incident represents the biggest attack on medical debt collectors this year so far. But it's not the first time an agency of this kind has faced the wrath of cybercriminals.
In 2019, a medical debt collector called AMCA, with ties to laboratory testing giants LabCorp and Quest Diagnostics, fell victim to a ransomware attack that exposed the personal data of over 20 million patients.
Due to the financial impact of the attack, the agency was forced to file for bankruptcy shortly after.
Unfortunately, these data violations follow a wider trend of attacks within the healthcare industry. In 2021, threats against healthcare companies rose 69%. Financial losses average $1.85 million per hack, and the sector also deals with one of the longest recovery times after incidents take place.
Due to weak cyber defenses in the medical and healthcare industry, private companies are proving to be lucrative targets for cybercriminals. But just like most attacks, they're often preventable.
How to Stop This From Happening to Your Company
If PFC's recent data breach should tell you anything, it's that investing in your business's cybersecurity isn't just a matter of course; it's a necessity.
By using antivirus software as your first line of defense, you'll be able to reduce your chances of encountering a malware attack by up to 25%. Moreover, tools like password managers and virtual private networks (VPNs) are also tried and tested ways to prevent online threats from entering your system.
No single solution is 100% effective, though. So in addition to bolstering your business cyber defenses, it's also important to educate your workforce about data security and to exercise due diligence when necessary. Many attacks happen due to social engineering, with something as simple as a phishing email providing the route in for a hacker.