Millions of Patients' Personal Information Exposed in Medical Collections Company Data Breach

By Christopher Coble, Esq. on July 18, 2019

It seems like there's another data breach every day. We share quite a bit of our personal information online (and off), and when hackers and unhappy accidents potentially expose that data, it can be scary. And some data breaches can be scarier than others.

Take the American Medical Collection Agency, for instance. AMCA is a billing and collections company for medical service providers, working with laboratories, hospitals, and physician groups. That gives them expansive access to personal, financial, and health data of millions of patients, and a data breach last month has left an ever-expanding list of patients' data exposed.

Into the Breach

First, LabCorp revealed that 7.7 million patients were affected in the AMCA data breach. Then Quest Diagnostics disclosed that information involving another 11.9 million patients may also have been exposed. Almost half a million BioReference Laboratories patients affected "pushed the breach over the 20 million mark," according to TechCrunch. And now, Clinical Pathology Laboratories is reporting that 2.2 million patients may have had their personal information stolen, and another 34,500 may have had their credit card or banking information compromised.

"[I]n May of 2019, AMCA notified CPL about the incident and informed CPL that an AMCA database containing information for some CPL patients had been affected," CPL said in a statement. "However, at the time of AMCA's initial notification, AMCA did not provide CPL with enough information for CPL to identify potentially affected patients or confirm the nature of patient information potentially involved in the incident, and CPL's investigation is on-going." CPL says that while patients' Social Security numbers were not involved in the breach, their names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information, and treatment provider information may have all been compromised.

Unauthorized Activity

According to an SEC filing from BioReference Labs, the "unauthorized activity" on AMCA's web payment occurred over a seven-month span from August 1, 2018, and March 30, 2019. AMCA has since filed for bankruptcy, citing a "cascade of events" that incurred "enormous expenses that were beyond the ability of the debtor to bear." (As of today, AMCA claims on its website to manage "over $1BN in annuals receivables.")

If you think your personal, financial, or medical information has been compromised in a data breach, talk to an experienced health care attorney about your legal options.

Related Resources:

Copied to clipboard