AMCA Breach Affects More Patients from LabCorp

Recent news talked about the data breach at American Medical Collection Agency (AMCA) that caused the exposure of 11.9 million records of Quest Diagnostics patients. Now, there is news that the AMCA breach affected another healthcare company.

LabCorp, which is a national network of blood testing centers, announced on June 4, 2019 the potential exposure of the sensitive data of 7.7 million people who had their blood samples processed by the company.

Just like Quest Diagnostics, LabCorp revealed the breach by a U.S. Securities and Exchange Commission (SEC) filing. According to LabCorp, AMCA notified the company that its data were also exposed when hackers accessed its payment portal from August 1, 2018 to March 30, 2019..

AMCA states on its website that it handles over $1 billion in yearly receivables for a varied client base, including laboratories, hospitals, doctors groups, billing services, and healthcare providers throughout the country.

So, it’s not surprising that one more healthcare organization was affected by the AMCa data breach. Most likely, other announcements may be made by heathcare organizations affected by the same breach in the next few days or weeks.

About 19.6 million healthcare records have been declared exposed so far by just two healthcare companies that have been affected by the breach.

LabCorp noted that the following data were exposed: names, addresses, telephone numbers, birth dates, dates of service, provider details, balance details, and certain banking and credit card information. There was no Social Security number exposed. Also, no diagnostic data, medical test findings, or insurance data were provided by LabCorp to AMCA. LabCorp has already stopped hiring AMCA for billing collections.

AMCA is informing about 200,000 people whose financial data was compromised with offers of 2 years credit monitoring and identity theft protection services. LabCorp has not yet obtained complete details on the people affected by the breach, so it has not yet notified its customers.

In yesterday’s report, Gemini Advisory notified AMCA after finding close to 200,000 credit cards information available for sale on a darknet marketplace. It turned out that the credit card numbers do not belong to LabCorp customers because LabCorp did not provide Social Security numbers to AMCA.