Professional Finance Company (PFC) Inc. details what could be the largest healthcare data breach this year

DESCRIPTION

Professional Finance Company (PFC) Inc. is a debt collection and accounts receivable management company that serves healthcare, government, and utility organizations across the U.S. PFC has provided details of what could be the largest healthcare data breach this year. The company released a list of organizations whose data may have been compromised in a ransomware attack on PFC in February 2022, and began contacting the patients of affected organizations on May 5, 2022. Compromised data included names, contact information, birth dates and Social Security numbers (SSNs), as well as other details regarding health insurance, medical treatments, and payment information. Evidence shows that the data was accessed before the encryption attack. Forensic analysis has not been able to confirm whether any data was misused by the attackers, but that possibility has not been ruled out.

IDENTIFY INDICATORS OF COMPROMISE (IOC)

The attack was detected by a third-party cybersecurity platform on February 23, 2022. The platform vendor confirmed that the attack was carried out by the Quantum ransomware gang and that data was exfiltrated using various command-line tools. Quantum is a rebranding of an earlier ransomware family called MountLocker. As a calling card, the gang appends a .quantum file extension to the encrypted files. Quantum currently has a reputation for encrypting files in record time: while other ransomware strains such as Conti can take multiple weeks to encrypt all the files within a company’s on-prem domain, Quantum can complete the encryption process in a matter of hours.
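Detection logic for the calling card described above, as an added example that is not part of the original bulletin or any vendor's tooling: it scans constructed file-audit events (the log format is an assumption) for a burst of files gaining the .quantum extension on a single host, which combines the extension and the speed that together distinguish Quantum from slower strains.

```python
"""Flag the Quantum calling card: a burst of files renamed to a .quantum
extension on one host within a short window. Log format and sample
events below are constructed for this example (not real PFC data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample file-audit events: "timestamp host action path"
SAMPLE_EVENTS = """\
2022-02-23T01:12:04 FS01 RENAME C:\\Shares\\Billing\\acct_1001.pdf.quantum
2022-02-23T01:12:05 FS01 RENAME C:\\Shares\\Billing\\acct_1002.pdf.quantum
2022-02-23T01:12:05 FS01 RENAME C:\\Shares\\Billing\\acct_1003.pdf.quantum
2022-02-23T01:12:06 FS01 RENAME C:\\Shares\\Billing\\acct_1004.pdf.quantum
2022-02-23T01:12:07 FS01 RENAME C:\\Shares\\Billing\\acct_1005.pdf.quantum
2022-02-23T01:15:00 WS07 CREATE C:\\Users\\jdoe\\notes.txt
2022-02-23T02:40:00 WS07 RENAME C:\\Users\\jdoe\\report.docx.quantum
"""

def parse_events(text):
    """Return (timestamp, host, path) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue
        ts, host, _action, path = parts
        events.append((datetime.fromisoformat(ts), host, path))
    return events

def detect_quantum_burst(events, threshold=5, window=timedelta(seconds=60)):
    """Return {host: first_timestamp} for hosts where at least `threshold`
    .quantum files appeared within `window` (sliding window per host)."""
    per_host = defaultdict(list)
    for ts, host, path in sorted(events):
        if path.lower().endswith(".quantum"):
            per_host[host].append(ts)
    flagged = {}
    for host, times in per_host.items():
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = times[start]
                break
    return flagged

if __name__ == "__main__":
    for host, first in detect_quantum_burst(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {host}: .quantum burst starting {first}")
```

A single .quantum file on WS07 is deliberately left below the threshold; tune `threshold` and `window` to the file-server write rates you actually observe.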

CONTAINMENT (If IoCs are identified)

PFC stated that while it was able to block the encryption attempt, some of its systems were brought down during the attack. The company is providing credit monitoring at no cost to all of those whose identity may have been compromised.

FBI ALERT

PFC's announcement comes days after the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity advisory regarding a series of state-sponsored attacks directed at the U.S. healthcare sector by a North Korean-backed ransomware organization. The attacks have been taking place since May 2021 using the Maui ransomware, and specifically target servers in order to bring down diagnostic, imaging, and intranet services for prolonged periods.

PREVENTION

Healthcare organizations are urged to prepare for these types of attacks by taking the following measures:

  • Enforce least-privilege security measures for all standard user accounts so that regular users do not have local admin rights that can be exploited if an account is compromised
  • Utilize SSL certificates to authenticate connections and encrypt communication for IoT medical devices and electronic record systems in order to prevent data in transit from being captured or manipulated
  • Encrypt any data repositories that host personal and patient identifiable information (PII) to secure it at rest
  • Keep all operating systems, software applications and firmware updated to the latest versions to prevent threat actors from exploiting unpatched vulnerabilities
  • Use monitoring tools to observe and detect any non-prescribed behavior by applications or IoT devices
  • Require administrator credentials to install any software on any computer or device
  • Audit all user accounts with administrative rights or escalated privileges

Be prepared to provide a brief background of your business and a summary of how the attack has affected its operations.

Ensure your Incident Response Readiness (IRR) in the event of an attack. Conduct a Ransomware Risk Assessment to identify the proper safeguards. Review your security and risk profile.


Frequently Asked Questions

What is HIPAA compliance?

This refers to the process for following the procedures required by the Health Insurance Portability and Accountability Act. HIPAA is the law that established the current standards for protecting patients’ sensitive health-related data. The goal is to ensure healthcare companies do everything possible to secure and protect this information to prevent data breaches.

What is a HIPAA-covered entity?

Entities that are required to adhere to the HIPAA standards include healthcare providers, health plan providers, and healthcare clearinghouses. All of these entities are entrusted with patients’ personal information including Social Security numbers (SSNs), bank account details, and medical histories. Any enterprise that falls into these categories can benefit from HIPAA compliance solutions.

What are HIPAA violations?

There are a number of ways in which a HIPAA-covered entity can fail to comply with the regulations. These include transmitting patient data without sufficient encryption, disclosing patient information to unauthorized entities, or falling victim to cyberattacks that expose the data. The scope of potential violations and the severity of the penalties involved make it all the more important that businesses enlist the help of HALOCK as their HIPAA consultant.

Are there any new HIPAA requirements we should be aware of?

If your organization is responsible for HIPAA compliance, you may have another incentive to begin regular pen testing. That is because on December 24, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to modify HIPAA. Learn more details in this HIPAA article.

Where can I find a guide to HIPAA Acronyms?

Read a glossary of HIPAA and healthcare acronyms.

What are the top threats facing the healthcare industry?

See Top Cyber Threats in Healthcare.