AMCA data breach affected 2.2m Clinical Pathology Laboratories patients
18 July 2019
The massive data breach suffered by the American Medical Collection Agency (AMCA) between August 1, 2018 and March 30, 2019, that compromised personal and financial information of nearly 20 million patients also compromised the personal information of 2.2 million additional patients who availed medical testing and diagnostics services from Clinical Pathology Laboratories.
The breach of sensitive personal and financial information of millions of US citizens took place when hackers gained unauthorised access to the web payments page owned by AMCA between August 1, 2018 and March 30, 2019. AMCA collected payments on behalf of leading diagnostics firms in the US such as Quest Diagnostics, LabCorp, BioReference, Conduent, and CareCentrix.
In June, leading US diagnostics firms Quest Diagnostics and LabCorp revealed in separate filings with the SEC that the unauthorised intrusion that lasted eight long months compromised personal and financial information of 11.9 million and 7.7 million of their patients respectively.
OPKO Health Inc., another major diagnostics firm operating in the United States, also revealed in a filing with the SEC that the AMCA data breach impacted personal and financial information of as many as 422,600 patients for whom BioReference, it’s subsidiary, performed medical testing and diagnosis.
Number of affected victims of AMCA breach goes up to 22 million
On Friday, Clinical Pathology Laboratories, Inc. also announced that it was informed by AMCA in May that the unauthorised intrusion that took place between August 1, 2018 and March 30, 2019 also affected a database that contained “information for some CPL patients“.
“Based on the information provided by AMCA, the following information belonging to CPL patients may have been affected by the incident: patient names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information and treatment provider information.
“AMCA has advised CPL that its patients’ social security numbers were not involved in the incident. CPL does not provide AMCA healthcare records such as laboratory results and clinical history. The impact of this incident is limited to patients whose accounts were referred for debt collection and who reside in the United States,” Clinical Pathology Laboratories said via a press release.
“CPL takes the security of its patients’ information very seriously, including the security of data handled by vendors. The privacy and protection of patient information is a top priority. As a result of the investigation, CPL is no longer using AMCA for collection efforts,” it added.
2.2m Clinical Pathology Laboratories patients affected as well
Earlier this week, Clinical Pathology Laboratories published another press release in which it said that the AMCA data breach may have compromised names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information of approximately 2.2 million of its patients.
However, the company also said that only 34,500 of its patients suffered the loss of their credit card or banking information and the latter have been notified about the same via notification letters.
In mid-June, AMCA applied for bankruptcy protection in a Chapter 11 filing with the New York Southern Bankruptcy Court, stating that it was unable to bear the financial costs of the massive breach of customer records that took place between August 1, 2018 and March 30, 2019.
Russell Fuchs, CEO of Retrieval-Masters Creditors Bureau, the parent company of AMCA, stated in the Chapter 11 filing that AMCA had incurred “enormous expenses that were beyond the ability of the debtor to bear” and that the company had spent up to $400,000 on hiring outside experts to investigate the breach and an additional $3.8 million on sending over 7 million individual notices to people affected by the breach.
As a result, AMCA intended to liquidate up to $10 million worth of assets and liabilities to pay for its breach-mitigation activities. This, even after CEO Fuchs lent $2.5 million to AMCA to help the firm with bearing the costs of individual mailings, says Bloomberg.