Victims of AMCA Data Breach Increased by 185,000 More

The data breach at American Medical Collection Agency (AMCA) affected three more healthcare organizations. They are Inform Diagnostics, West Hills Hospital & Medical Center in California, and CompuNet Clinical Laboratories.

It was over two months ago when AMCA announced its data breach. AMCA notified most of the affected companies about the potential compromise of their patients’ data in May/June. However, the companies only received ample information about breach several weeks after. They made their announcements about the breach and sent notification letters to the affected patients.

The AMCA breach happened between August 1, 2018 and March 30, 2019. An unauthorized person accessed its web payment page and possibly obtained personal and financial data. The information of the persons affected by the breach was passed to AMCA for collection of outstanding bills for healthcare services.

Including the recent announcement of the breached healthcare organizations, there are not a total of 21 companies identified to have been impacted. Not including the number of West Hills Hospital and Medical Center patients, which is still unknown, the total number of breach victims now stands at about 24,390,307. The latest breach victims count may be available after several weeks and they will be sent breach notifications.

West Hills Hospital and Medical Center in West Hills, CA, contracts United WestLabs (UWL) to handle its reference laboratory. AMCA notified United WestLabs on June 12, 2019 about the breach. The information of the affected patients included their names, addresses, patient account numbers, the amount payable, and service dates. The credit or debit card number of some patients may also have been exposed.

AMCA mailed breach notification letters to people who had their financial data exposed. West Hills Hospital notified the other affected patients. Now both West Hills Hospital and United WestLabs do not use AMCA’s services anymore.

Inform Diagnostics in Irving, TX provides pathology laboratory services. Retrieval Masters Creditors Bureau, AMCA’s holding company, notified the company on June 30, 2019 that a hacker accessed the personal and payment data of its 173,690 patients. The exposed information included the patients’ first and last names, Social Security numbers, credit/debit card numbers, banking details, service dates, and referring doctors names.

CompuNet Clinical Laboratories in Dayton, OH provides laboratory services. AMCA notified the company on June 5, 2019 about the breach, which exposed its patient data including names, birth dates, service dates, names of the medical service provider, referring doctors, medical insurance details, and other medical data. The Social Security number, financial data and credit/debit card number of some patients were also exposed. Around 111,000 patients were affected.

Here’s the list of companies confirmed to have been impacted by the AMCA data breach and the number of exposed records:

  1. LabCorp – 7,700,000
  2. Clinical Pathology Associates – 2,200,000
  3. Quest Diagnostics/Optum360 – 11,900,000
  4. American Esoteric Laboratories – 541,900
  5. Sunrise Medical Laboratories – 427,000
  6. Carecentrix – 500,000
  7. BioReference Laboratories/Opko Health – 422,600
  8. Inform Diagnostics – 173,690
  9. CBLPath Inc. – 148,900
  10. Laboratory Medicine Consultants – 147,600
  11. CompuNet Clinical Laboratories – 111,000
  12. Austin Pathology Associates – 46,500
  13. South Texas Dermatopathology PLLC – 16,100
  14. Seacoast Pathology, Inc – 10,000
  15. Pathology Solutions – 13,300
  16. Penobscot Community Health Center – 13,000
  17. Arizona Dermatopathology – 7,000
  18. Laboratory of Dermatology ADX, LLC – 4,240
  19. Western Pathology Consultants – 4,550
  20. Natera – 3,000
  21. West Hills Hospital and Medical Center / United WestLabs – Unknown

Total victims: 24,390,307