Were You Affected by the AMCA Data Breach?

If you have received notification that your personal information related to medical lab work was compromised by the recent AMCA data breach, you may have grounds to take legal action.

In June 2019, USA Today reported that as many as 12 million people were affected by the exposure of medical billing information kept by American Medical Collection Agency (AMCA), a third-party company that handles medical billing for over a dozen laboratories and testing companies. Information that was exposed includes health records as well as sensitive financial information, putting victims at risk for identity theft and more.

Quest Diagnostics Warns Consumers

One of the medical service providers affected by AMCA’s data breach is Quest Diagnostics. Earlier this year, Quest issued a warning in a securities filing that an unauthorized party had had access approximately 11.9 million patient records to one of its vendor’s databases between August 1, 2018 and March 30, 2019. Quest said its own systems were not directly affected; however, one of the company’s vendors, a payment processor, receives services from AMCA.

There was no information on specific individuals whose data may have been compromised. As a result of the AMCA data breach, the vendor in question, Optum360, stopped submitting collection requests.

The following day, another company that works with AMCA, LabCorp, reported that the records of approximately 7.7 million consumers had potentially been exposed, including credit card and bank information.

AMCA Responds

Shortly after Quest announced its discovery of the data breach, AMCA said it was conducting its own investigation. The company took down its online payments page and notified law enforcement in addition to hiring a third-party forensics firm to investigate the matter. Consumers who were affected were offered identity theft protection and credit monitoring services for a two-year period, free of charge.

What Was At Risk

Consumer data that is potentially at risk because of the AMCA data breach includes:

• addresses and contact information
• bank and credit card records
• Social Security numbers
• medical tests and their results
• referring physician names
• diagnoses
• internal patient identifiers

Labs and other service providers that have used AMCA’s billing services include:

• Quest Diagnostics
• LabCorp
• Clinical Pathology Laboratories
• American Esoteric Laboratory
• Carecentrix
• Sunrise Medical Labs
• BioReference Labs/OPKO Health, Inc.
• Inform Diagnostics
• CBL Path
• Laboratory Medicine Consultants
• Wisconsin Diagnostic Laboratories
• Compunet Clinical Laboratories
• West Hills Hospital and Medical Center (United West Labs)

Consequences of the AMCA Data Breach

Within a month, AMCA’s parent company, Retrieval-Masters Creditors Bureau, lost several major clients (including Quest Diagnostics, LabCorp, Conduent and CareCentrix)) and wound up filing for Chapter 11 bankruptcy. Almost 80 percent of its employees lost their jobs as a result, and the company’s CEO reportedly took out a personal loan of $2.5 million in order to cover the costs of notifying consumers affected by the breach.

Not the First Time for Quest, Either

Although Quest Diagnostics was not directly affected by the AMCA data breach, they have been involved in such incidents before. In 2016, hackers managed to access approximately 34,000 patient records, including names, lab results, birth dates and contact information through the MyQuest by Care smart phone app.

What Can Consumers Do?

Not long after the data breach was announced, AMCA’s parent company declared bankruptcy. The declaration of bankruptcy may have been a “pre-emptive strike” made in response to pending class action lawsuits that have been filed in California and New York. This means that the amount of any compensation for affected patients could be severely limited by the bankruptcy court.

Join a Free AMCA Data Breach Class Action Lawsuit Investigation

If you are a patient at LabCorp, Quest or another lab and you received notice that you were affected by the AMCA data breach, you may qualify to join this data breach class action lawsuit investigation.

Learn More

This article is not legal advice. It is presented
for informational purposes only.