CF Medical says FBCS data breach impacted more than 600,000 of its patients

Georgia-based healthcare service provider CF Medical said that a data security incident at US debt collection agency Financial Business and Consumer Solutions compromised the sensitive personal information of approximately 626,000 of its patients.

 

Recently, CF Medical submitted a data security incident notice with the Office of the Maine Attorney General, detailing the impact of a cyber attack on Financial Business and Consumer Solutions, or FBCS, which compromised the data of over 4 million patients in the U.S.

 

According to the notice, on February 26, FBCS identified unauthorised access to its internal network and immediately launched an internal investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation determined that the environment was subject to unauthorised access between February 14 and February 26, 2024, and the unauthorised actor had the ability to view or acquire certain information on the FBCS network during the period of access,” the company said.

 

The compromised data included names, Social Security numbers, dates of birth, driver’s license numbers, non-driver identification card numbers and account information.

 

CF Medical’s filing with the Maine state regulator revealed that at least 626,396 individuals were impacted by the incident.

 

While the collection agency found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

The agency has also offered one year of complimentary identity protection and credit monitoring services through CyEx to all affected individuals.

 

Earlier this year, FBCS said in a filing with the Maine state regulator that it identified a total of 4,171,097 individuals who were impacted by the same data security incident.