Debt-Collection Company Reports Data Breach Impacting 657 Providers

According to a July 6 article from JD Supra, earlier this year the Greeley, Colo.-based debt-collection company Professional Finance Company, Inc. (PFC) reported a data breach. At the time of the breach, the company was unaware of the magnitude of the incident but based on recently released information the breach impacted 657 healthcare providers across the U.S.

The article states that “While the exact number of patients who were affected by the breach remains unknown, this could be the largest healthcare data breach of the year. According to the PFC, the breach resulted in the first and last names, addresses, dates of birth, Social Security numbers, health insurance information and medical treatment information being compromised. On May 5, 2022, PFC filed initial notice of the breach and sent out data breach letters to all affected parties. Since then, the company learned that the breach was larger in scope than originally thought and sent data breach letters to additional patients.”

PFC provided a list of all affected healthcare practices—including Banner Health, Renown Health, and DispatchHealth—more than 650 providers across the country were affected.

Regarding how PFC operates, “PFC is a debt collection company that works with other organizations to recover their accounts receivable,” the article says. “For example, once a healthcare provider determines that it is no longer in its interest to keep trying to collect a debt, it sells the debt to PCF. To facilitate PFC’s ability to collect on amounts owed, providers give PFC information about patients. This is how PFC came into possession of the information that was subject of the breach.”

PFC’s statement on the breach says that the organization did not find any evidence that the personal information was misused. PFC is offering resources to help individuals protect their information, including access to free credit monitoring and identify theft protection through protection company Cyberscout.

PFC’s statement also says that individuals should follow the guidance from the notice they received via mail regarding steps to take to protect themselves. PFC urges those individuals who were potentially impacted should remain vigilant by reviewing their financial account statements and monitoring free credit reports.