American Medical Collections Agency (AMCA), a company that provides billing collection services to healthcare organizations, confirmed that sometime between August 2018 and March 2019, an unauthorized user accessed its web payment system which included several healthcare clients and held millions of patient’s information. BioReferences Laboratories, Quest Diagnostics/Optum 360, and LabCorp are among those companies affected. The number of victims in the AMCA data breach has just surpassed 20 million, and that number may continue to increase as the investigation progresses.
The most recent list impacts over 20 million patients including:
- Quest Diagnostics: 11.9 million patients
- LabCorp: 7.7 million patients
- BioReference Laboratories: 422,600 patients
- Carecentrix: 500,000 patients
- Sunrise Laboratories: unknown number of patients
The breached information varies, but includes some or all of the following:
- Patient Name
- Date of Birth
- Phone Number
- Date of Service
- Balance Information
- Payment Card Information
- Bank Account Information
- Social Security Number
- Lab Test Performed
Several state Attorneys General have confirmed they are launching investigations to demand further information regarding the massive data breach. AMCA has said its investigation is ongoing, and they are taking the appropriate steps to increase the security of its systems. The collections agency has taken web payments page offline, migrated its services to a third-party vendor, and hired a cybersecurity firm to assess and install additional security measures. A third-party forensic team is also investigating the breach and identifying if any other data may have been affected. AMCA is sending out written notices to consumers whose credit card number, social security number, or lab test order information may have been accessed.
Consumers that believe they have been affected should take the following steps immediately to protect their information:
- Obtain a free credit report at www.annualcreditreport.com or by calling 877-322-8228.
- Put a fraud alert on your credit file.
- Consider a security freeze on your credit file
- Take advantage of free services offered as a result of the breach.
- Use two-factor authentication for online accounts whenever available.