(July 1, 2022)

UCHealth was recently informed by Professional Finance Company (PFC), a third-party billing company, of a security incident that impacted data held by the company on its servers. PFC is an accounts receivable management company providing debt recovery services located in Greeley, Colorado. PFC serves local northern Colorado clients as well as clients throughout the country. Some UCHealth locations utilized PFC.

PFC experienced a network security issue involving ransomware in 2022 in which an unauthorized 3rd party accessed and disabled some of PFC’s computer systems. When PFC discovered the issue, they immediately disconnected the affected systems and engaged third-party forensic specialists to assist with securing the network and investigating the activity. Data from some UCHealth patients was on the PFC computer systems and may have been included in this data breach, though UCHealth’s systems were not affected.

Individuals’ first and last name, address, accounts receivable balance/payment information, and one or both of date of birth (DOB) and Social Security number (SSN) were potentially impacted in the incident. No patient medical or financial (e.g. credit card/banking) information was impacted. UCHealth’s electronic medical record and patients’ medical records on our systems were not impacted.

PFC is notifying all individuals who may be impacted.

UCHealth values its patients, and protecting their data is a top priority. Though we have no reason to believe the PFC impacted data went beyond the cybercriminal or was misused in any way, we are sharing this security incident so patients may protect themselves by watching for any suspicious activity or possible identity theft. Additional information regarding steps that can be taken to protect from identity theft can be found in the notice affected individuals receive in the mail, or by clicking on the link below.

We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’ information.

PFC has taken additional steps to protect data and prevent this type of attack from happening again.

For more information, please see PFC security incident.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Billing vendor shares information about data breach

Patient support

Resources

UCHealth

Patient’s information

Referring provider information

Referral

Please send any pertinent, clinic records related to the DX to [email protected]