There is now over 20 million victims of the American Medical Collections Agency (AMCA) data breach as another healthcare organization confirmed the impact of the breach on its clients.
BioReference Laboratories is a New Jersey-based laboratory and clinical testing company that recently announced the potential exposure of the personal information of around 422,600 of its clients as a result of the AMCA breach.
Together with LabCorp’s 7.7 million exposed records and Quest Diagnostics/Optum360’s 11.9 million exposed records, the total number of exposed records now stands at 20,022,600. The number will probably keep going up as investigations continue and more healthcare companies are notified.
BioReference Laboratories confirmed the breach with a 8-K filing at the Security and Exchange Commission (SEC) on Monday. This subsidiary of OPKO Health got notifications about the breach on June 3, 2019.
Hackers gained access to the web payment portal of AMCA, impacting the data of several healthcare clients. The incident transpired from August 1, 2018 to March 30, 2019.
The patients of BioReference Laboratories testing services had the following information compromised: names, birth dates, addresses, email address, telephone numbers, dates of service, health insurance details, balance data, and banking account information. There was no compromise of Social Security numbers, healthcare information, examination results or passwords/security Q&A.
AMCA notified approximately 6,600 BioReference Laboratories customers and offered them two years of complimentary credit monitoring and identity theft protection services.
All ready, AMCA only presented basic details concerning the breach. Information of the impacted individuals are not yet released and so breach notification letters are not yet sent.
BioReference Laboratories stated that the moment AMCA provides them with additional data regarding the breach, it will take further action. BioReference Laboratories likewise said that it has made no collection request from AMCA since October 2018 and it has requested the stoppage of processing pending collection requests.
Several state Attorneys General have started investigating the breach and calling AMCA to get more information about the breached entities.
Michigan Attorney General Dana Nessel is particularly worried regarding the hackers accessing the AMCA payment portal before the breach detection. If the cyberattack was meant to obtain sensitive patient information, affected persons are possibly facing a high risk of fraudulence.
North Carolina Attorney General Josh Stein, Minnesota Attorney General Keith Ellison and New York Attorney General Letitia James similarly confirmed that they are investigating into the AMCA breach. Two senators from New Jersey are questioning the local Quest Diagnostics branch. However information about the real situation from AMCA is still limited.
AMCA just mentioned its actions on enhancing security, which included taking the web payments portal offline, migrating services to another third-party vendor, and hiring cybersecurity experts to evaluate defenses and install additional security controls.