Millions affected in consecutive medical data breaches

A third-party cyber forensics team has been called in to investigate the breaches that exposed nearly 20 million patient records

Data breach

Two separate data breaches at a payment collection firm have resulted in the exposure of sensitive information belonging to 20 million people.

The medical testing giant LabCorp said on 4 June that sensitive personal and financial information of 7.7 million of its customers had been exposed as a result of a security breach sustained by the American Medical Collection Agency (AMCA), according to a filing with the Security and Exchange Commission.

The AMCA is a third-party payment collection agency used by both LabCorp and blood testing company Quest Diagnostics which was also affected by a breach at the agency. The AMCA services credit card companies, healthcare institutions, personal finance lenders and creditors.

The breach is believed to have taken place between 1 August 2018 and 30 March 2019; affected customers could have their names, addresses, phone numbers, dates of birth and balance information exposed.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"AMCA's affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance)," read the filing.

"LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers." 

Since the breach's discovery, LabCorp has said that it will notify all customers it believes have been affected and will offer them identity protection and credit monitoring services for 24 months.

A blood testing laboratory Quest Diagnostics informed its customers on Monday, just a day earlier than the coverage of LabCorp's breach, that an attacker's unauthorised access to the AMCA's payment systems resulted in 11.9 million of its customers' social security and credit card numbers were also put at risk.

Both Quest Diagnostics and Optum360, a Quest Diagnostics contractor that also uses AMCA's billing services, were informed of a possible data breach on 14 May, an event which was later confirmed on 31 May.

"Quest has not been able to verify the accuracy of the information received from AMCA," the company said in a statement. "Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA."

Advertisement - Article continues below

The AMCA manages more than $1 billion in annual receivables over a broad client base. A firm representing the agency said in a statement given to NBC that "upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page".

"We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems' security," it added.

"We have also advised law enforcement of this incident."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020