Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations.
Founded in 1904, PFC helps thousands of healthcare, government, and utility organizations across the U.S. ensure that customers pay their invoices on time.
The company started notifying the impacted healthcare providers' patients on May 5, saying that an ongoing investigation discovered that the attackers accessed files containing their personal information before encrypting some of PFC's systems.
Sensitive information exposed during the attack includes patients' first and last names, addresses, accounts receivable balance and information regarding payments made to accounts.
In some cases, the files also contained dates of birth, social security numbers, and health insurance and medical treatment information.
While PFC did not share the exact number of affected healthcare providers, it linked to a PDF file listing all the impacted orgs containing the names of 657 healthcare entities.
"PFC today is mailing letters to potentially involved individuals with detail about the incident and providing resources they can use to help protect their information," the company said.
"PFC is also offering potentially involved individuals access to free credit monitoring and identity theft protection services through Cyberscout, a leading identity protection company."
Quantum ransomware attack
Although PFC did not reveal the name of the ransomware used to encrypt its systems, AdvIntel CEO Vitali Kremez told BleepingComputer that members of the Quantum ransomware gang were behind the February attack.
