Tens of Million patients impacted by the AMCA data breach

Recovery agency for patient collections American Medical Collection Agency (AMCA) suffered a data breach that could impact many of its customers.

American Medical Collection Agency (AMCA) suffered a data breach that could impact many of its customers, the company still hasn’t disclosed details.

filing with the U.S. Securities and Exchange Commission (SEC) Quest revealed that the attackers broke into the web payment portal of the American Medical Collection Agency between August 1, 2018 and March 30, 2019.

AMCA provides services to numerous firms, including the revenue cycle management provider Optum360, medical testing firm Quest Diagnostics, and LabCorp.

The security breach has impacted roughly 12 million of Quest Diagnostics‘ patients and roughly 7.7 of LabCorp patients. After the disclosure of the incident, Labcorp announced the terminations of business activities with AMCA and Quest Diagnostics has suspended sending collection requests to AMCA.

The hackers broke into company databases containing millions of medical test lab patients’ personal and payment information.

“LabCorp has referred approximately 7.7 million consumers to AMCA whose data was stored in the affected AMCA system. AMCA’s affected system included information provided by LabCorp.” reads the Form 8-K filing.

“That information could include first and last name, date of birth, address, phone, date of service, provider, and balance information. AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance). LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA.”

AMCA confirmed that Social Security Numbers and insurance identification information are maintained for LabCorp consumers.

AMCA also informed LabCorp that it is sending security breach notices to approximately 200,000 LabCorp consumers whose financial data may have been compromised.

According to DataBreaches.net, stolen data are already fueling dark web, in fact researchers at Gemini Advisory, discovered the offer of payment card information for roughly 200,000 individuals likely from AMCA’s databases.

“The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018 and the beginning of March, 2019.” states DataBreaches.net.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase