Professional Finance Company, Inc. is providing breach notifications to patients of 657 covered entities
So this one could be another big one:
Professional Finance Company, Inc. (“PFC”), an accounts receivable management company that provides assistance to various organizations (including healthcare providers), announced today that it is notifying individuals whose information may have been involved in a recent network security incident.
On February 26, 2022, PFC detected and stopped a sophisticated ransomware attack, in which an unauthorized third party accessed and disabled some of PFC’s computer systems. PFC immediately engaged third party forensic specialists to assist with securing the network environment and investigating the extent of any unauthorized activity. Federal law enforcement was also notified. The ongoing investigation determined that an unauthorized third party accessed files containing certain individuals’ personal information during this incident. PFC notified the respective healthcare providers on May 5, 2022. This incident only impacted data on PFC’s systems. The list of healthcare providers can be viewed here:
PFC found no evidence that personal information has been specifically misused; however, it is possible that the following information could have been accessed by an unauthorized third party: first and last name, address, accounts receivable balance and information regarding payments made to accounts, and, in some cases, date of birth, social security number, and health insurance and medical treatment information.
PFC today is mailing letters to potentially involved individuals with detail about the incident and providing resources they can use to help protect their information. PFC is also offering potentially involved individuals access to free credit monitoring and identity theft protection services through Cyberscout, a leading identity protection company.
Read more of their notice at PRNewswire. Note that the list of affected healthcare providers lists 657 covered entities.
Number of covered entities corrected post-publication.