Professional Finance Company (PFC) Inc. details what could be the largest healthcare data breach this year
Professional Finance Company (PFC) Inc. is a debt collection and accounts receivable management company that caters to healthcare, government, and utility organizations across the U.S. PFC has provided details about what could be the largest healthcare data breach this year. The company released a list of organizations whose data may have been compromised in a ransomware attack on PFC in February 2022, and it began contacting the patients of affected organizations on May 5, 2022. Compromised data included names, contact information, birth dates and Social Security numbers (SSNs), as well as other details regarding health insurance, medical treatments, and payment information. Evidence shows that the data was accessed prior to the encryption attack. While forensics have not been able to confirm whether any data was misused by the attackers, the possibility has not been ruled out.
IDENTIFY INDICATORS OF COMPROMISE (IOC)
The attack was detected by a third-party cybersecurity platform on February 23, 2022. The platform vendor confirmed that the attack was carried out by the Quantum ransomware gang and that data was exfiltrated using various command-line tools. Quantum is a rebranding of an earlier ransomware called MountLocker. As a calling card, the gang appends a .quantum file extension to the encrypted files. Quantum currently has a reputation for encrypting files in record time. While other ransomware strains such as Conti can take multiple weeks to encrypt all the files within a company’s on-prem domain, Quantum can complete the encryption process in a matter of hours.
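As an added example (not from PFC, the platform vendor, or the original article), the Python below sweeps a directory tree for the .quantum extension described above and uses file modification times to estimate how long the encryption run lasted and which directories were hit hardest. The function names, the sample tree and its timestamps are constructed for illustration, and treating modification time as the encryption time is an assumption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

IOC_EXT = ".quantum"  # extension the article says Quantum appends

def scan_tree(root, ext=IOC_EXT):
    """Yield (path, mtime) for every file under root whose name ends in ext."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):
                path = os.path.join(dirpath, name)
                try:
                    yield path, os.lstat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it

def summarize(hits):
    """Bound the encryption window and rank the most affected directories."""
    hits = list(hits)
    if not hits:
        return {"count": 0, "first": None, "last": None, "hours": 0.0, "top_dirs": []}
    times = sorted(m for _p, m in hits)
    dirs = Counter(os.path.dirname(p) for p, _m in hits)
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    return {
        "count": len(hits),
        "first": iso(times[0]),    # earliest affected file (assumed start)
        "last": iso(times[-1]),    # latest affected file (assumed end)
        "hours": round((times[-1] - times[0]) / 3600, 2),
        "top_dirs": dirs.most_common(5),
    }

def build_sample(root):
    """Constructed sample tree: three renamed files and one untouched file."""
    base = 1645574400  # 2022-02-23T00:00:00Z, constructed timestamp
    layout = {"share/a.docx.quantum": 0, "share/b.xlsx.quantum": 1800,
              "db/c.bak.quantum": 7200, "share/readme.txt": 0}
    for rel, offset in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (base + offset, base + offset))

if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed sample; point at a real share instead
    build_sample(root)
    print(summarize(scan_tree(root)))
```

Modification times can be altered or reset by backup and sync tools, so the reported window is an estimate to be confirmed against endpoint or file-server logs.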
CONTAINMENT (If IoCs are identified)
PFC stated that while they were able to block the encryption attempt, some of their systems were brought down during the attack. The company is providing credit monitoring at no cost to all of those whose identity may have been compromised.
PFC's announcement comes days after a cybersecurity advisory was issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) regarding a state-sponsored series of attacks directed at the U.S. healthcare sector by a North Korean-sponsored ransomware organization. The attacks have been taking place since May 2021 using the Maui ransomware. The attacks specifically target servers to bring down diagnostic, imaging, and intranet services for prolonged periods.
Healthcare organizations are urged to prepare for these types of attacks by taking the following measures:
Be prepared to provide a brief background of your business and a summary of how the attack has affected its operations.
Ensure your Incident Response Readiness (IRR) in the event of an attack. Review your security and risk profile.