Debt-collection company Professional Finance Company (PFC) this month disclosed that data on healthcare patients from hundreds of its medical organization clients had been breached in a ransomware attack on the firm in February. PFC provides collection services for some 650 hospitals and healthcare facilities in the US.
“PFC found no evidence that personal information has been specifically misused,” the company said its data breach disclosure notice, but added that “it is possible” some patient data was “accessed by an unauthorized third party.”
Among that data: patient names, addresses, account balances, and in some instances, birth dates, Social Security numbers, health insurance information, and treatment data, PFC said. According to a report on Tech Crunch, PFC told the US Department of Health and Human Services that the attack affected 1.91 million patients.