It was discovered that the security breach at American Medical Collection Agency (AMCA) affected another healthcare provider. The AMCA breach involved the unauthorized access of its systems that contain the protected health information (PHI) of clients. The unauthorized access of AMCA’s systems first occurred on August 1, 2018 and the breach continued up to March 30, 2019.
Penobscot Community Health Center (PCHC), a non-profit health center located in Bangor, ME, hired AMCA as its billing collection service provider. On May 15, 2019, AMCA informed PCHC about the potential compromise of the PHI of about 13,000 of its patients.
AMCA had access to a limited number of PHI so that it can work on its billing collection services. AMCA received some PHI of patients whose accounts were due for debt collection. In all of these cases, the information disclosed to AMCA only included the minimum required data.
For 8 months, the unauthorized person had access to AMCA’s systems and could have viewed or copied the following types of information: names, birth dates, names of referring medical provider, and other medical data associated with the services obtained at PCHC. The credit card information for some patients may also have been exposed.
PCHC has ended its business connection with AMCA and is at the moment trying to get back and secure all of the patient information provided to the company.
PCHC is now confirmed to have become a victim of the AMCA breach along with Quest Diagnostics, LabCorp and BioReference Laboratories. There may be other healthcare organizations that were affected by the breach. At this point, over 20 million persons are identified to have been impacted by the AMCA breach.
The parent company of AMCA already filed for bankruptcy and is trying to liquidate assets in order to pay for the cost of the breach response.