Professional Finance Company (PFC), a third-party billing company for Montrose Memorial Hospital/Montrose Regional Health, recently informed us about a security incident impacting data held by PFC on its servers. PFC is an accounts receivable management company in Colorado which provides debt recovery services to clients in Colorado and throughout the country. PFC reported that on February 26, 2022, it detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed and disabled some of PFC’s computer systems. When PFC discovered the issue, they immediately disconnected the affected systems and engaged forensic specialists to assist with investigating the incident and securing their network. We are providing this notice because there are some patients of Montrose Memorial Hospital/Montrose Regional Health who had data on PFC’s computer systems which were involved in the data breach. Montrose Memorial Hospital/Montrose Regional Health’s systems were not affected, the incident occurred only in PFC’s computers. On July 1, 2022, PFC mailed notice letters to the addresses on file for all individual patients whose information was affected including all patients of Montrose Memorial Hospital/Montrose Regional Health who were impacted.

Individuals’ first and last name, address, accounts receivable balance/payment information, and potentially date of birth and/or social security number were involved. No patients’ medical information or financial (payment card/banking) information was involved. The data included no reference to being connected to any medical care or any charges from Montrose Memorial Hospital/Montrose Regional Health; only the amount or balance on an account was involved. We recommend that individuals protect themselves from the possibility of identity misuse or identity theft by remaining alert to any suspicious activities with financial accounts and monitor credit reports regularly. Additional steps to protect against identity theft may be found in the notice affected individuals receive in the mail or by clicking on the link below.

PFC assures us that it has taken additional steps increase safeguards for protecting data in its systems and to try to prevent this type of attack from happening again. For more information, please see the following PFC Notice of Cybersecurity Incident.

Notice of Cybersecurity Incident