$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On July 6, 2022 Consumer Privacy & Data Breaches

Data Breach Update: Professional Finance Company, Inc. May Have Impacted 657 Healthcare Providers

NOTICE: If you received a NOTICE OF DATA BREACH letter from Professional Finance Company, Inc., contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

Data Breach AlertJuly 6, 2022 – Earlier this year, we reported on a data breach at Professional Finance Company, Inc. (“PFC”) that stemmed from a February 2022 ransomware attack. At the time, little information about the incident was known; however, the company had confirmed that certain information belonging to current and former employees was compromised. More recently, PFC released additional information about the breach, including that it resulted in the first and last names, addresses, dates of birth, Social Security numbers, health insurance information and medical treatment information of certain patients being compromised. On May 5, 2022, PFC released data breach letters to some patients; however, more recently, the company sent out another round of data breach notifications to additional parties.

If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the PFC data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Professional Finance Company, Inc.

What We Know So Far About the Professional Finance Company Breach

Grasping the importance of the Professional Finance Company requires an understanding of what the company does. PFC is a debt collection company that works with other organizations to recover their accounts receivable. For example, once a healthcare provider determines that it is no longer in its interest to keep trying to collect a debt, it sells the debt to PCF. To facilitate PFC’s ability to collect on amounts owed, providers give PFC information about patients. This is how PFC came into possession of the information that was subject of the breach.

According to official notice filed by the company, PFC “detected and stopped” a sophisticated ransomware attack occurring in February 2022. PFC reports that, as a result of the attack, the company’s computer system was disabled, and the unauthorized party orchestrating the attack was able to view patient data. In response, PFC retained cybersecurity experts to investigate the incident. This investigation revealed that an unauthorized third party accessed files containing certain individuals’ personal information during this incident, including patients’ first and last names, addresses, dates of birth, Social Security numbers, health insurance information and medical treatment information.

On May 5, 2022, Professional Finance Company began sending out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. However, more recently, the company provided updated letters to everyone impacted by the incident.

Professional Finance Company also provides a list of all affected healthcare practices, which include more than 650 providers across the country. A link to all affected providers can be found here.

More Information About Professional Finance Company, Inc.

Professional Finance Company is a debt collection company based in Greeley, Colorado. The company works with other organizations to recover their accounts receivable through various means. Professional Finance Company has various subsidiaries, including PFC Infuse, which acquires, manages, and liquidates portfolios of defaulted receivables from companies. Other subsidiaries include PFC First, PFC USA and PFC Rev. Professional Finance Company has more than 126 employees working for the company and brings in approximately $15 million in annual revenue.

If You Have Questions About Your Rights Following the Professional Finance Company Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the PFC data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call today or fill out our secure contact form.

Below is a copy of the initial data breach letter issued by Professional Finance Company, Inc. (the actual notice sent to consumers can be found here):

Dear [Redacted],

Professional Finance Company, Inc. (“PFC”) is notifying individuals whose information may have been involved in a recent network security incident. PFC is an accounts receivable management company that provides assistance to various organizations (including healthcare providers).

On February 26, 2022, PFC detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems. PFC immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Federal law enforcement was also notified. The ongoing investigation determined that an unauthorized third party accessed files containing certain individuals’ personal information during this incident. PFC notified the respective healthcare providers on or around May 5, 2022. This incident only impacted data on PFC’s systems. The list of healthcare providers can be viewed here: [Redacted].

PFC found no evidence that personal information has been specifically misused; however, it is possible that the following information could have been accessed by an unauthorized third party: first and last name, address, accounts receivable balance and information regarding payments made to accounts, and, in some cases, date of birth, Social Security number, and health insurance and medical treatment information.

PFC is mailing letters to potentially involved individuals with details about the incident and providing resources they can use to help protect their information. PFC is also offering potentially involved individuals access to free credit monitoring and identity theft protection services through Cyberscout, a leading identity protection company.

Individuals should refer to the notice they received in the mail regarding steps they can take to protect themselves. As a precautionary measure, potentially impacted individuals should remain vigilant to protect against fraud and/or identity theft by, among other things, reviewing their financial account statements and monitoring free credit reports. If individuals detect any suspicious activity on an account, they should promptly notify the institution or company with which the account is maintained. Individuals should also promptly report any fraudulent activity or any suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, free security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit [Redacted] or call 1-877-ID-THEFT (1-877-438-4338). Individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

PFC is providing a dedicated toll-free call center for potentially affected individuals who have questions, want to enroll in credit monitoring and identity theft protection services, or who want to learn additional steps to protect their information. To contact the call center, please call 1-844-663-3160, between 6am and 6pm MST.

Data security is one of PFC’s highest priorities. Since the incident, PFC wiped and rebuilt affected systems and has taken steps to bolster its network security. PFC also reviewed and altered its policies, procedures, and network security software relating to the security of systems and servers, as well as how data is stored and managed.

NOTICE: If you received a NOTICE OF DATA BREACH letter from Professional Finance Company, Inc., contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.