Quantum ransomware attack affects 657 healthcare orgs

Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations.

Founded in 1904, PFC helps thousands of healthcare, government, and utility organizations across the U.S. ensure that customers pay their invoices on time.

The company started notifying the impacted healthcare providers’ patients on May 5, saying that an ongoing investigation discovered that the attackers accessed files containing their personal information before encrypting some of PFC’s systems.

Sensitive information exposed during the attack includes patients’ first and last names, addresses, accounts receivable balance and information regarding payments made to accounts.

In some cases, the files also contained dates of birth, social security numbers, and health insurance and medical treatment information.

While PFC did not share the exact number of affected healthcare providers, it linked to a PDF file listing all the impacted orgs containing the names of 657 healthcare entities.

“PFC today is mailing letters to potentially involved individuals with detail about the incident and providing resources they can use to help protect their information,” the company said.

“PFC is also offering potentially involved individuals access to free credit monitoring and identity theft protection services through Cyberscout, a leading identity protection company.”

Quantum ransomware attack

Although PFC did not reveal the name of the ransomware used to encrypt its systems, AdvIntel CEO Vitali Kremez told BleepingComputer that members of the Quantum ransomware gang were behind the February attack.

“Our Andariel platform detected the PFC attack via signal collections on February 23, 2022 from the Cobalt Strike infrastructure with the early warning details following the attack flow,” Kremez told BleepingComputer.

“The attackers behind the operations are linked to Conti/Quantum ransomware sub-group moving laterally inside using Cobalt Strike and exfiltrating data via command-line tools.”

Quantum ransomware surfaced as a rebrand of the MountLocker ransomware operation, a ransomware strain first deployed in attacks starting in September 2020.

Since then, the gang has rebranded multiple times using various other names, including AstroLocker, XingLocker, and Quantum.

The rebrand to Quantum was first observed in August 2021, when their ransomware encryptor switched to adding the .quantum file extension to encrypted files’ names.

Advanced Intel’s Yelisey Boguslavskiy also told BleepingComputer in June that some members of the Conti cybercrime syndicate have joined the ranks of the Quantum operation after the Conti brand was shut down.

This is part of Conti’s new modus operandi where its members have either infiltrated or taken control of other ransomware operations such as Hive, AvosLocker, BlackCat, and Hello Kitty or data extortion gangs like Karakurt, BlackByte, and the Bazarcall collective.

Source: https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-affects-657-healthcare-orgs/