Quest Diagnostics and LebCorp Vendor American Medical Collection Agency Files for Bankruptcy After Data Breach
Retrieval-Masters Creditors Bureau, the parent company of American Medical Collection Agency (AMCA), has filed for bankruptcy. American Medical is a third-party debt collector for Quest Diagnostics, LabCorp, BioReference Labs as well as others that leaked the personal and financial data of 20 million lab patients over the course of nine months.
Chapter 11 bankruptcy was filed in the Southern District of New York. Reason for the filing included the “enormous expenses that were beyond the ability of the debtor to bear.” Four of its largest clients, LabCorp, Quest, Diagnostics, Conduent, and CareCentrix stopped doing business with AMCA due to the breach. AMCA is seeking to liquidate its assets and liabilities valued at $10 million. AMCA had initially promised to pay for two years of credit monitoring but with the bankruptcy declaration, is it not clear if that will still be provided. LabCorp, Quest Diagnostics, and AMCA have all been hit with lawsuits
AMCA handled debt collection for Quest Diagnostics, LabCorp, BioReference Laboratories, and many other medical offices and services. The breached data involves over 20 million patients. Hacked data includes credit card numbers, health savings card numbers, bank account information, patient names, birthdates, addresses, phone number, and test results.
On June 3 Quest Diagnostics reported to the US Security and Exchange Commission (SEC) that its third-party collection agency, American Medical Collection Agency, had suffered a data breach. On June 4, LabCorp notified the SEC that the same incident affected them as well. Senators Bob Menendez, Cory Booker, and Mark Warner wrote to Quest Diagnostics asking about breach details.
The data breach occurred over a span of nine months between August 1, 2018, and March 1, 2019. The breach was discovered in March but not announced until June 2019. About 7.7 Million LabCorp patients and 1.9 Quest patients were hacked through AMCA’s web portal payment system.
Hacked Payment Information Already Found on the Dark Web
Cyber security researchers already found some of the hacked credit card numbers for sale on the dark web. Hacked patient data includes Health Savings Account (HSAs) numbers, Health Reimbursement Account (HRA) number, Flexible Spending Accounts (FSA) information, and Medicare Medical Savings Accounts (MSA), bank accounts, and credit cards.
The CEO of Retrieval-Masters Creditors Bureau Russell Fuchs loaned AMCA $2.5 million to pay for mail notices sent to affected customers. Some of the loaned funds were spent on IT related to the data breach. AMCA spent $3.8 million to mail more than seven million notices to individual data breach victims.
If you were a Quest Diagnostics, LabCorp patient, or BioReference patient you should:
- AMCA detected the data breach because it was receiving notices that an exceptional number of credit cards used in its web portal payment system were tied to an abundance of fraudulent charges
- Monitor all financial accounts – credit cards and bank accounts – carefully
- Monitor your credit score. Many credit cards track your credit score for free
- All US consumers can receive a free credit report from each of the three credit bureaus -– Equifax, Experian, and TransUnion – every year
- Look for any new lines of credit opened using your name
- Activate a fraud alert on your credit files. A fraud alert lets credit reporting agencies know you may have been a victim of identity theft. Financial institutions will do more to verify your identity before opening new accounts
- Place a credit freeze on your name to stop any new accounts from being opened using your name. A credit freeze does not prevent increases to any existing credit accounts
With so much detailed personal data and financial data stolen, hacked patients are vulnerable to every type of cyber attack from spear phishing emails, credit card fraud, identity theft and BEC scams.
What is American Medical Collection Agency – AMCA?
American Medical Collection Agency (AMCA) is a debt collection agency that specializes in collecting past due accounts from hospitals, medical offices, doctors, laboratories and other medical related companies. When the data breach was announced earlier this month, AMCA’s website claimed it handles over one billion US dollars of collection activity.
What Is Quest Diagnostics?
Quest Diagnostics Incorporated is a clinical laboratory company based in Secaucus, NJ. The company handles outpatient blood testing and other diagnostic procedures for patients in the United States, United Kingdom, Mexico, and Brazil.
What Is LabCorp?
Laboratory Corporation of America Holdings, known as LabCorp, is a clinical laboratory company headquartered in Burlington, North Carolina. LabCorp processes more than 2.5 million lab tests each week.
What Is BioReference Laboratories?
BioReference Laboratories, Inc. is a Subsidiary of OPKO Health, Inc and is based in Elmwood Park, NJ. The company handles laboratory testing and clinical diagnostic services for physicians, hospitals, and medical clinics. About 422,000 BioReference patients were affected in this data breach.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers