7.7M LabCorp Customers Info. Exposed in Collections Agency Breach7.7M LabCorp Customers Info. Exposed in Collections Agency Breach

Nearly 20 million have had their personal information compromised as a result of a security breach at AMCA, a third party collections agency that both LabCorp and Quest Diagnostics used.

Omar Ford

June 5, 2019

2 Min Read
7.7M LabCorp Customers Info. Exposed in Collections Agency Breach
Pixabay

Nearly 7.7 million patients that used LabCorp’s testing services could have had their personal information exposed due to a security breach at American Medical Collection Agency.

The news comes a day after Quest Diagnostics, which also uses AMCA as a third party billings collector, revealed that about 12 million of its customers’ personal information had also been exposed.

In an SEC filing, Burlington, NC-based LabCorp noted that AMCA said the breach occurred between Aug. 1, 2018, and March 30, 2019.

“AMCA’s affected system included information provided by LabCorp,” the company said in a filing. “That information could include first and last name, date of birth, address, phone, date of service, provider, and balance information. AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance). LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The company added that “AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp a list of the affected LabCorp consumers or more specific.”

LabCorp said it has now ceased sending new collection requests to AMCA and stopped the collections agency from continuing to work on any pending requests involving LabCorp consumers.

Tuesday afternoon AMCA responded to the article MD+DI published about the Quest Diagnostics breach. 

“We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system,” AMCA said in the email. “Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page. We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information.”

About the Author

Omar Ford

Omar Ford is a veteran reporter in the field of medical technology and healthcare journalism. As Editor-in-Chief of MD+DI (Medical Device and Diagnostics Industry), a leading publication in the industry, Ford has established himself as an authoritative voice and a trusted source of information.

Ford, who has a bachelor's degree in print journalism from the University of South Carolina, has dedicated his career to reporting on the latest advancements and trends in the medical device and diagnostic sector.

During his tenure at MD+DI, Ford has covered a wide range of topics, including emerging medical technologies, regulatory developments, market trends, and the rise of artificial intelligence. He has interviewed influential leaders and key opinion leaders in the field, providing readers with valuable perspectives and expert analysis.

 

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like