Quest Diagnostics and LabCorp Data Breach

Two of the worlds largest medical testing firms have confirmed that the personal and financial data of millions of consumers were exposed by a data breach at a third-party billing collections firm. Here, the privacy attorneys at Peter Angelos Law discuss the ramifications of the data breach.

Who is Affected by the Data Breach?

Industry-leading medical testing companies LabCorp and Quest Diagnostics have announced that the personal and financial information for approximately 20 million consumers were exposed by a security breach at a shared third-party billing collections firm - the American Medical Collection Agency (AMCA).

In a filing with the U.S Securities and Exchange Commission, LabCorp said that they had learned that the breach at AMCA took place between August 1st, 2018 and March 30th, 2019. The information exposed could include first and last names, phone numbers, listed addresses, date of birth, date of service and balance information.

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance),” the filing reads. “LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. The company has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

LabCorp’s disclosure comes days after competing lab testing firm, Quest Diagnostics, disclosed that the breach of AMCA’s systems exposed the sensitive personal information of approximately 11.9 million patients. Quest Diagnostics said they were first alerted to the breach on May 14th, but it was not until two weeks later that AMCA disclosed the number of patients affected by the breach. Quest says that they have since stopped doing business with AMCA and has hired a security firm to investigate the incident.

AMCA’s Response to the Data Breach

AMCA had initially refused to answer any questions pertaining to the data hack, but using an outside PR firm, AMCA issued the following statement:

“We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system. Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page.”

Speak to an Experienced Privacy Attorney at Peter Angelos Law

Data breaches can compromise people’s personal information, risking reputational or financial harm to those affected. When a data breach is the result of negligent behavior, the company or organization may be held accountable. The experienced privacy attorneys at Peter Angelos Law have filed privacy violations lawsuits of behalf of people around the country who have had their personal information exposed by data breaches. Contact us today for a no fee consultation.