Health Organizations Deal with Massive Security Breach
On Monday, June 3, blood testing giants Quest Diagnostics and LabCorp reported an information breach that officials say may affect more than 12 million of their patients’. One news story from 9News One day later, LabCorp Industries reported that the incident put nearly 8 million of their patients’ data at risk. Both incidents resulted from the use of a third-party collection agency, the American Medical Collection Agency (AMCA).
According to the press releases from Quest and LabCorp, AMCA alerted the two that an unauthorized user had access to the providers’ web payment system from August 2018 to March 2019. Though reports have not confirmed exactly what information the hack accessed, officials say patients’ personal, medical, and financial details may have been exposed over the eight-month breach. Both healthcare organizations say they have suspended their use of AMCA’s collection system until more information detailing the potential damage is released.
“We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more,” said Quest in their initial statement. In its 8-K filing with the Security and Exchange Commission, LabCorp stated that AMCA will provide its patients with identity protection and credit monitoring for 24 months.
Patients across the country continue to file lawsuits against the providers and AMCA on the grounds that they were not alerted of the hacked system early enough to prevent damage. In New Jersey, Sens. Cory Booker and Bob Mendez have also sent letters to the three parties calling into question the unclear timeline of the incident.