Data breach at debt collector affects nearly 2 million healthcare patients

Diving Brief:

  • A ransomware attack that hit a debt collection agency in February potentially exposed the data of nearly 2 million patients, according to an update on the HHS Breach Reporting Portal.
  • The Northern Colorado-based Professional Finance Company (PFC) disclosed the attack earlier this month, notifying more than 650 of its healthcare provider customers that their data may have been affected.
  • It is the second largest health data breach this year after the cyberattack on medical imaging and outpatient surgery service provider Shields Health Care Group in March, according to the HHS portal.

Overview of the dive:

Cyberattacks in the healthcare sector are becoming more common, raising concern in the industry, as an attack on a company can have wide-ranging impacts on patient data in today’s era of information systems on interconnected health.

The Shields breach earlier this year affected data from nearly 60 healthcare facilities affiliated with the medical service provider, totaling up to 2 million patients.

In addition to directly targeting vendors, malicious actors also prey on third parties who contract with them, as side doors to access vendor treasures of sensitive medical data.

Recently, eye care management software provider Eye Care Managersprovider of patient care guidelines MCG Health and health technology company Omnicell all were breached.

The PFC attack affected the data of more than 1.9 million patients, the supplier revealed to the federal government.

Before PFC detected and blocked the attack, hackers could access and disable certain company computers, giving access to information such as names, addresses, social security numbers, health insurance and treatment data. patient medical. Affected providers include Banner Health, an Arizona-based nonprofit, and Renown Health, a Nevada physician network.

The payment provider sends breach notification letters to patients stating that their personal and medical information may have been compromised.

Source link

John A. Bogar