Blood Sucking Hackers

On June 3rd, Quest Diagnostics filed a report with the Security and Exchange Commission (SEC) stating that  it was notified on May 14th that between August 1, 2018 and March 30, 2019 an unauthorized user access to American Medical Collection Agency (AMCA) system that contained information received from various entities, including Quest Diagnostics. The information included credit card numbers and bank account information, medical information and other personal information of approximately 11.9 million people.

The very next day LabCorp filed a similar brief with the SEC stating that the AMCA informed them that it is sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed.

AMCA is third-party collection agency that stores information such as first and last names, credit card and bank account numbers, birth dates, addresses, phone numbers, dates of services, health care provider information, and the amount customers owe. The information AMCA received comes from a company called Optum360,  a revenue cycle management provider. No information about lab results is passed on to the AMCA. Both Quest and LabCorp have suspended business with the AMCA.

The question most consumers are probably asking themselves is when they will be notified. Right now there is a lot of finger pointing. The laboratory companies systems were not breeched and neither were Optum360’s. The challenge is that while those companies appear to be committed to keeping all relevant parties informed the AMCA has not given them any specific information about the individuals impacted.