The data of more than 1.9 million patients has been exposed in a ransomware attack on a Colorado-based debt collection firm that serves hundreds of medical facilities and hospitals across America.
The Professional Finance Company, PFC, suffered a ransomware attack on February 26 and on July 1 confirmed that over 650 healthcare providers were affected by the breach. According to a notice from PFC, attackers stole confidential patient information including patient names, addresses, and outstanding account balances. PFC said in some cases, SSNs and information about health insurance and medical treatment were also stolen.
The attack was the work of an unauthorized third party who used sophisticated ransomware to gain access to internal computer systems, disable them, and retrieve personal data. PFC said that after the attack, they immediately hired third-party forensic specialists and alerted federal law enforcement. PFC also said they found no substantial evidence that personal information has been misused; however, it is possible the data could be used to launch future attacks.
As ransomware attacks continue to affect all types of organizations, it's important to learn from the mistakes of other companies and protect your information. We've spoken with several cybersecurity experts to hear their insights about this breach.
## Arti Raman (She/Her), CEO and Founder, Titaniam

"In the recent data breach confirmed by PFC, an unauthorized third party accessed and disabled some of PFC's computer systems. While the company's statement said that none of the personal data had been misused, the data is now in the hands of cybercriminals. As hacks and extortion become more and more frequent, to truly minimize the risk of potential extortion and lost clear text data, a data security platform, specifically data-in-use encryption, also referred to as encryption-in-use, is the only option for complete protection and peace of mind.

In the last 18 months, companies have been misled into believing that investing in backup and recovery solutions is the answer to their ransomware woes. However, the State of Data Exfiltration & Extortion Report 2022 recently revealed that traditionally used tools are ineffective 60% of the time.

If companies want to stand up to data-related extortion then data-in-use encryption is the technology of choice for unmatched immunity. Should adversaries gain access to data, by any means, data-in-use encryption keeps the sensitive data encrypted and protected even when it is being actively utilized. This helps neutralize all possible data-related leverage and limits the need for breach disclosure."
## Neil Jones, director of cybersecurity evangelism, Egnyte

"The recent data breach at Professional Finance Company is especially concerning because healthcare debt collection information inherently includes PII (Personally Identifiable Information) and PHI (Protected Health Information), which are treasure troves for cyber-attackers.

In this case, the breach involved the sensitive data of nearly 2 million patients. Although there's no current evidence that the breached information has been used maliciously, it is not uncommon for attackers to wait for just the right moment to post their breached data to the Web.

There are several key lessons that can be learned from this incident: 1) Organizations need to combine ransomware detection solutions with effective data recovery programs. 2) Companies need to have incident response plans in place, to effectively notify their customers, employees, business partners and the news media of potential breaches. 3) During these dynamic times, routine technological audits need to occur on a more frequent basis than they did before, to prevent vulnerabilities from being exploited."
## Aaron Sandeen, CEO and co-founder, Cyber Security Works

"As ransomware attacks continue to devastate the healthcare industry, leaders must increase their cybersecurity visibility of known and unknown assets. To fully safeguard their firm from potential assaults, cybersecurity professionals must enhance the frequency with which they validate and seek early warning capabilities.

Patching the vulnerabilities that threat groups and attackers exploit is one of the actions that businesses can take to avoid disaster. Especially as new ransomware organizations develop, knowing how exposed you are to ransomware attacks and monitoring your security posture through ongoing vulnerability management and proactive penetration testing is vital to bolster your defenses. Security and executives in the healthcare field must invest in the protection of their assets."
## Tim Prendergast, CEO, strongDM

"The PFC incident highlights how crucial strong access management and infrastructure are to maintain strong security. Right now, attackers are increasingly looking for improperly stored or secured valid credentials because they're essentially VIP passes into databases and servers: everything companies don't want to be leaked publicly. Once attackers get those valid credentials, they can wreak havoc internally. As a result, we're now seeing maybe one of the worst healthcare security breaches in 2022 that's impacting over one million people and whole hospitals, and it's because of a third-party access breach. Rather than point fingers, because in truth this could have happened to anyone, it is important for CISOs to re-evaluate the visibility and control of access across both applications and infrastructure."