A massive data breach affecting computer systems operated by American Medical Collection Agency (AMCA) has exposed the personal and financial information of about 20 million Quest and LabCorp patients.

Anyone who has had medical lab work performed by Quest or LabCorp could be affected by the data breach, which occurred undetected over an eight-month period from Aug. 1, 2018, to March 30, 2019.

Quest Diagnostics first disclosed the data breach on June 3 in a Securities and Exchange Commission (SEC) filing, saying that an “unauthorized user” hacked into AMCA’s data systems and potentially gained access to the personal and financial data of 11.9 million patients. Quest and LabCorp contracted AMCA to bill some of their patient accounts.

The hackers were also able to obtain first and last names, birthdays, addresses, phone numbers, dates of service, account balances, social security numbers, and medical data, according to The Washington Post.

In many cases, the banking and credit card information of patients who were paying balances with AMCA was compromised.

On June 4, LabCorp announced that the data of 7.7 million of its patients had been exposed in the same data breach. The company said that the credit card and banking information attached to about 200,000 accounts had been compromised in the attack. AMCA told LabCorp that it was in the process of notifying the patients at financial risk.

On June 6, OPKO Health Inc. and its subsidiary BioReference Laboratories said that AMCA’s data breach compromised the personal and financial data of more than 422,000 customers. AMCA told OPKO Health it was notifying about 6,600 customers credit card or bank account details were stored in AMCA’s affected system about the data breach.

AMCA said it has hired a third-party forensics firm to conduct an internal investigation of the data breach. The company is also “providing 24 months of credit monitoring to anyone who had a social security number or credit card account compromised.”

“Health care companies are especially susceptible to data breaches not only because they aggregate a tremendous amount of important and sensitive data, but also because they tend to be less focused on cyber security protection than other industries,” one expert familiar with the data breach said, according to the information security and technology news publication Bleeping Computer.

“These companies, like Quest Diagnostics, know they are at an increased risk and yet have not taken the proper steps to protect their patients’ data,” he added.

Health care companies that fail to take the proper precautions to protect their customer data, including entrusting that sensitive data to third-party contractors, put their customers at serious risk of financial loss, identity theft, and possibly even extortion.

By the time the public is notified of a data breach, it is often too late to stop the damage. That’s why it is vital to hold companies that risk their customers’ sensitive information accountable for damages. AMCA, Quest, and LabCorp are already facing numerous lawsuits, including complaints filed by several states.

Archie Grubb and Tyner Helms, lawyers in our Consumer Fraud section, are handling these claims. Fill out our contact form on this page, or call them at 800-898-2034 and they will be happy to discuss your claim.

Additional sources:
Fierce Healthcare
Ciso Mag
The Hill
Latest Hacking News

We're here to help!

We live by our creed of “helping those who need it most” and have helped thousands of clients get the justice they desperately needed and deserved. If you feel you have a case or just have questions please contact us for a free consultation. There is no risk and no fees unless we win for you.

Fields marked * may be required for submission.

Lawyers and staff continue to help me

I suffered from an allergic reaction to a common medication causing permanent injury when I was 15 years old. My settlement allows me to take care of myself instead of being on disability. Even after my case was over, the lawyers and staff continue to help me.