A bill collector fell victim to a ransomware attack in February, potentially exposing the health information of more than 1.9 million patients, the federal government reported.
The affected patients come from a variety of health systems, dental offices and ambulatory surgical centers across the country, many in the Southwest, that contract with Greeley, Colo-based Professional Finance Co., according to a July notice posted on the company's website.
On Feb. 26, Professional Finance discovered and stopped the data breach, during which an unauthorized third party accessed and disabled some of its computer systems, according to the notice. The company said the data may have included names, dates of birth, Social Security numbers and health insurance and medical treatment information, but that there is no evidence any of it has been misused.
The company is notifying affected individuals and offering them identity theft protection services.