Dive Brief:
- A ransomware attack that hit a debt collections agency in February potentially exposed the data of almost 2 million patients, according to an update on the Department of Health and Human Services breach reporting portal.
- Northern Colorado-based Professional Finance Company (PFC) disclosed the attack earlier this month, informing more than 650 of its healthcare provider clients that their data may have been affected.
- It’s the second-largest health data breach this year after the cyberattack of medical imaging and outpatient surgical services provider Shields Health Care Group in March, per the HHS portal.
Dive Insight:
Cyberattacks in the healthcare sector are becoming more frequent, spurring industry concern as an attack on one company can have broad repercussions for patient data in today’s era of interconnected health information systems.
The Shields breach earlier this year affected data from almost 60 healthcare facilities affiliated with the medical service provider, adding up to 2 million patients.
Along with targeting providers directly, malicious actors also are going after the third parties that contract with them, as side doors to accessing the troves of sensitive medical data providers collect.
Recently, eye care management software provider Eye Care Leaders, patient care guidelines provider MCG Health and health tech company Omnicell all have been hit by breaches.
The PFC attack affected the data of more than 1.9 million patients, the provider disclosed to the federal government.
Before PFC detected and blocked the attack, hackers were able to access and disable some of the company’s computers, giving access to information such as patient names, addresses, Social Security numbers and health insurance and medical treatment data. Affected providers include Arizona-based nonprofit Banner Health and Nevada physician network Renown Health.
The payment vendor is sending out breach notification letters to patients saying their personal and medical information may have been compromised.
