LabCorp Says 7.7 Million Patients Caught in AMCA Data Breach

One day after medical testing firm Quest Diagnostics revealed that nearly 12 million of its patients had their personal and financial information exposed as a result of a breach at the American Medical Collection Agency (AMCA), LabCorp has come forward to say that the incident has also impacted 7.7 million of its customers.


AMCA told SecurityWeek that it’s in the process of investigating “a data incident involving an unauthorized user accessing the American Medical Collection Agency system.” However, the billing collections service provider has not shared any additional details about the attack or how many of its customers have been hit.


AMCA did tell Quest and LabCorp that attackers targeted its payment portal and they had access to its systems between August 1, 2018, and March 30, 2019.


In an 8-K filing with the U.S. Securities and Exchange Commission (SEC) — Quest also disclosed the incident through an SEC filing — healthcare diagnostics company LabCorp said AMCA stored information on roughly 7.7 million of its customers. The compromised information includes name, date of birth, address, phone number, date of service, provider, and balance information.


Attackers may have also accessed credit card or bank account information, but LabCorp said diagnostic information, social security numbers, and insurance information are not stored or maintained for its customers by AMCA. It’s worth noting that AMCA did store social security numbers in the case of Quest.


“AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp a list of the affected LabCorp consumers or more specific information about them,”