PFC USA Suffers Ransomware Attack, Impacting 657 Healthcare Providers

PFC USA, a prominent accounts receivable management agency, has been the victim of a ransomware attack, affecting 657 healthcare providers and nearly two million individuals. The cyber incident took place on February 26, 2022, and was promptly identified and mitigated by PFC. The company swiftly engaged with third-party forensic experts to secure their network and conduct a thorough investigation.

Operating out of Greeley, Colorado, and established in 1904, PFC USA offers debt recovery services across various sectors including healthcare, retail, finance, and government. Despite the cybersecurity breach, PFC has demonstrated a strong commitment to cybersecurity, notably achieving a SOC 2 Type II audit, underscoring their dedication to upholding stringent cybersecurity standards.

Details of the Ransomware Attack

The ransomware attack led to unauthorized access and disruption of certain PFC computer systems, potentially compromising sensitive personal data. This includes names, addresses, birth dates, account balances and payment information, Social Security numbers, as well as health insurance and medical treatment details. While there is no current evidence of data misuse, the breach presents a risk of identity theft and fraudulent use of the accessed information.

In response to the attack, PFC has enhanced its network security measures, updated its policies and procedures, and upgraded its network security software. Additionally, the company is offering complimentary credit monitoring and identity theft protection services to those potentially affected. PFC has also informed the impacted healthcare providers and established a dedicated toll-free call center to address concerns and facilitate enrollment in credit monitoring services.

The Broader Implications of the Attack

This incident is indicative of a growing trend where cybercriminals target partner organizations as a means to indirectly affect healthcare providers. It underscores the critical need for robust cybersecurity defenses across all entities that handle sensitive personal information.

The ransomware attack on PFC USA serves as a stark reminder of the ongoing threats in the digital landscape, particularly for the healthcare sector. It emphasizes the importance of continuous vigilance and the implementation of comprehensive cybersecurity measures to safeguard sensitive data.

Sources

• PFC USA
• PFC USA Provides Notice of Data Security Incident
• Vendor Ransomware Attack Impacts 660 Healthcare Organizations
• Data Breach at PFC USA Impacts Patients of 650 Healthcare Providers
• Ransomware attack targets Professional Finance Co., affecting 657 of the company’s health-care-provider clients