Data Incident Involving Professional Finance Company, Inc. (PFC)

US Anesthesia Partners (“USAP”), recently learned about a data security incident experienced by one of its vendors, Professional Finance Company, Inc. (“PFC”), which may have involved the personal information of certain USAP patients. PFC provides accounts receivable management services to health care providers like USAP.

What happened?

On May 5, 2022, PFC notified USAP and other PFC customers that PFC sustained a sophisticated ransomware attack on February 26, 2022, that resulted in unauthorized access to the personal information for certain individuals, including some USAP patients. According to PFC, upon learning of the issue, PFC immediately engaged a third-party forensic firm to assist PFC with securing its network environment and investigating the extent of any unauthorized activity.  PFC also notified federal law enforcement. This incident did not involve unauthorized access to USAP’s network or any of its information systems. 

What information was involved?

According to PFC, its investigation determined that the incident may have involved unauthorized access to some or all of the following data elements, depending on the individual: first and last name, address, date of birth, Social Security number, health insurance policy number, patient account number, medical treatment information, and accounts receivable balance and payment information.

What Is Being Done?

On July 1, 2022, PFC, on behalf of USAP, began sending written notifications to the potentially affected individuals.  In addition, PFC arranged for complimentary credit monitoring and identity theft protection services for those individuals.  PFC advised USAP that it has taken several actions to help prevent this type of incident from occurring in the future, including rebuilding its affected systems and reviewing and revising its policies, procedures, and network security software relating to the security of PFC’s systems and servers, as well as how store and manage data

What You Can Do:

Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves, including activating the free credit monitoring services. PFC has stated that it has no evidence that any personal information has been misused for the purpose of committing fraud or identity theft. Nonetheless, as a precautionary measure, individuals should remain vigilant to protect against potential fraud or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. They should promptly report any suspected fraudulent activity or identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Potentially affected individuals may also wish to review the tips provided by the Federal Trade Commission on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft.  For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338).

For more information:

To determine whether your information was involved in this incident, or for more information about this incident, please call 1-844-663-3160 Monday through Friday from 6:00 am – 6:00 pm MST. You can also visit the PFC website https://bit.ly/PFCCyberIncident to learn more about this incident.

1