Practice Resources

Practice Resources, operating also under the alias PRL, is a medical billing and practice management company whose headquarters are located in the United States, with a specific base of operations in New York. The organization’s primary function is to provide billing services and practice management support to healthcare providers, enabling them to manage claims submission, patient invoicing, and revenue cycle processes. By outsourcing these administrative tasks to Practice Resources, client organizations can reduce internal overhead and focus more on delivering clinical care. The company’s services encompass the handling of protected health information, including health plan identifiers, treatment dates, and medical record numbers, which are essential for accurate claim processing. It serves a network of affiliated healthcare organizations that rely on its expertise to maintain compliant and efficient billing operations. Practice Resources positions itself as a specialized intermediary that bridges the gap between clinical services and financial reimbursement within the healthcare sector. Its market focus is limited to the U.S. healthcare industry, where it supports a variety of practice types through standardized billing workflows. The firm’s operational model emphasizes accuracy, timeliness, and confidentiality in managing sensitive patient data.

In April 2022, Practice Resources was the target of a ransomware attack that compromised the personal and health information of approximately 942,000 individuals spread across 26 affiliated healthcare organizations. The exposed data included names, addresses, health plan numbers, treatment dates, and medical record numbers, underscoring the volume of sensitive information the company routinely handles. Upon detection of the breach, the organization immediately engaged third‑party cybersecurity specialists to isolate affected systems and prevent further unauthorized access. Following containment, Practice Resources implemented a series of security enhancements designed to strengthen its defenses against similar threats in the future. As part of its response, the firm offered credit monitoring services to all individuals whose data had been impacted, aiming to mitigate potential financial harm. The incident also prompted a review of internal policies and procedures to ensure alignment with applicable privacy and security standards governing health information. The scale of the breach highlights the company’s extensive reach within the healthcare sector and its role as a trusted custodian of billing and practice management data. While public sources do not disclose the organization’s ownership structure or parent‑subsidiary relationships, its specialization in managing protected health information places it under federal privacy standards governing health information.