American Medical Collections Agency (AMCA), a company that provides billing collection services to healthcare organizations, confirmed that sometime between August 2018 and March 2019, an unauthorized user accessed its web payment system which included several healthcare clients and held millions of patient’s information. BioReferences Laboratories, Quest Diagnostics/Optum 360, and LabCorp are among those companies affected. The number of victims in the AMCA data breach has just surpassed 20 million, and that number may continue to increase as the investigation progresses.
The most recent list impacts over 20 million patients including:
The breached information varies, but includes some or all of the following:
Several state Attorneys General have confirmed they are launching investigations to demand further information regarding the massive data breach. AMCA has said its investigation is ongoing, and they are taking the appropriate steps to increase the security of its systems. The collections agency has taken web payments page offline, migrated its services to a third-party vendor, and hired a cybersecurity firm to assess and install additional security measures. A third-party forensic team is also investigating the breach and identifying if any other data may have been affected. AMCA is sending out written notices to consumers whose credit card number, social security number, or lab test order information may have been accessed.
Consumers that believe they have been affected should take the following steps immediately to protect their information: