A day after Quest Diagnostics confirmed 11.9 million of its customers have been affected by a cyberattack on American Medical Collection Agency (AMCA) comes news that a rival network of blood testing laboratories has also been impacted.
LabCorp also uses AMCA’s billings collection services and the data of its customers has also been exposed. In a recent U.S. Securities and Exchange Commission (SEC) filing, LabCorp states that it received a notification from AMCA confirming its data has also been compromised.
LabCorp provided AMCA with the data of 7.7 million individuals, all of whom may be affected. AMCA notified LabCorp that approximately 200,000 of those individuals have had their financial information exposed and are being notified about the breach. Those individuals have been offered credit monitoring and identity theft protection services for 2 years at no cost.
Other customers have had information such as their name, address, date of birth, phone number, dates of service, provider information, and balance information exposed. LabCorp has not yet received details of the individuals that have been affected, so it is not yet possible to issue notifications.
Unlike Quest Diagnostics, LabCorp did not provide AMCA with any Social Security numbers, so they remain secure. LabCorp has also confirmed that medical data, insurance information, and lab test results were not exposed.
AMCA learned it had been the victim of a cyberattack in May following the discovery of a batch of credit card numbers and social security numbers for sale on a darknet marketplace. An investigation into the breach is ongoing, but it has been confirmed that its web payment portal was compromised from August 1, 2018 to March 30, 2019.
Many different entities used AMCA services, including laboratories, hospitals, physician groups, and medical providers across the United States. So far it has been confirmed that up to 19.6 million individuals have been affected by the breach.
This is already the second largest healthcare data breach to be reported in the United States. Over the next few weeks the total number of individuals affected should become clear.