On September 26, 2024, CF Medical filed a notice with the Attorney General of Maine after discovering a data breach at Financial Business and Consumer Solutions, Inc. (“FBCS”) affected confidential information that had been provided to CF Medical. In this notice, CF Medical explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, CF Medical began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from CF Medical or Financial Business and Consumer Solutions, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the CF Medical / Financial Business and Consumer Solutions data breach. For more information, please see our recent piece on the topic here.
What Caused the CF Medical / FBCS Data Breach?
The CF Medical / FBCS data breach was only recently announced, and more information is expected in the near future. However, CF Medical’s filing with the Attorney General of Maine provides some important information on what led up to the breach.
According to this source, FBCS is a debt collector that previously provided certain services to CF Medical. On February 26, 2024, FBCS learned that an unauthorized party had gained access to portions of its IT network. In response, FBCS secured its systems and then enlisted the help of third-party data security experts to assist with the company’s investigation.
Through this investigation, FBCS was able to confirm that an unauthorized actor had access to its network between February 14, 2024 and February 26, 2024, including files containing confidential consumer information.
After learning that sensitive consumer data was accessible to an unauthorized party, CF Medical reviewed the compromised files to determine what information was leaked and which consumers were impacted. FBCS recently completed this review process and, while the publicly available data breach letter does not mention what data types were leaked, on September 26, 2024, CF Medical sent out personalized data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About CF Medical
CF Medical is the trade name for Capio, which is a company that purchased debt. Based in Lawrenceville, Georgia, Capio is the largest purchaser of non-performing healthcare accounts in the United States. Capio has more than 1,000 healthcare clients and has served 61 million patient accounts, returning $370 million to providers. Capio employs more than 298 people and generates approximately $18 million in annual revenue.
