AMCA data breach potentially hits an additional 7.7M LabCorp customers

Laverne Higgins
June 8, 2019

In an SEC filing, LabCorp disclosed that its vendor American Medical Collection Agency had a data breach that provided an unauthorized user access to AMCA's system between August 1, 2018 and March 30, 2019.

As it turns out, over 400,000 consumers of medical diagnostics company OPKO Health were also impacted, bringing the total number of victims to 20.1 million. LabCorp revealed on Tuesday that 7.7 million patients' accounts at AMCA were stored in the vulnerable computer system and may also have been exposed.

The information exposed could include patients' first and last name, date of birth, address, phone, date of service, provider, and balance information.

BioReference, a blood testing lab firm with approximately 40 Florida locations, said in a government filing Thursday that some patients' information may have been hacked in a third-party data breach.

Two major laboratories announced data breaches this week in filings with the SEC.

Authorities: Lone wolf plotted to throw grenades at people in Times Square
Kate Fan, a 28-year-old charity worker visiting from Guangzhou, China, said she had heard about the incident but still felt safe. Officials have not released his name and there is no official word yet from the Federal Bureau of Investigation task force.

AMCA told BioReference that "no Social Security Numbers were compromised" in the breach and, according to the OPKO Health subsidiary "no laboratory results or diagnostic information" were provided and stored on AMCA systems. Three Democratic Senators, Bob Menendez (New Jersey), Cory Booker (New Jersey) and Mark Warner (Virginia), wrote Quest on Wednesday with questions about the company's third-party vendor information security vetting and other security measures. Optum360 and Quest are inspecting the condition with forensic experts, Quest said. He noted that contractors like AMCA were frequent targets for cyber attacks.

The incident is under the investigation performed by New York, Minnesota, North Carolina, and MI state attorneys.

Quest said that AMCA notified the company about "potential unauthorized activity" on its web payment page on May 14.

According to its website, AMCA is the "leading recovery agency for patient collection" and it is "managing over $1BN in annual receivables for a diverse client base", servicing "laboratories, hospitals, physician groups, billing services, and medical providers all across the country".

In July 2018, just one month before the AMCA breach began, LabCorp's IT network was compromised, they said.

Other reports by

Discuss This Article