AMCA Data Breach Victim List Continues To Grow—What A Mess!

The list of laboratories affected by the data breach at American Medical Collection Agency (AMCA), which filed for bankruptcy on June 17, continues to grow. So far, at least 24 labs and more than 25 million patients are estimated to have been affected by the incident.

AMCA had been the nation’s largest debt collector for past-due lab test bills. Hackers gained access to AMCA’s online payment system between Aug. 1, 2018 and March 30, 2019. The target was patient credit card information, which is now being sold on the dark web (see LE, July 2019).

In addition to Quest Diagnostics, LabCorp and BioReference Labs, other former AMCA lab clients affected by the hack include many of Sonic Healthcare USA’s subsidiary labs including Clinical Pathology Labs, Sunrise Medical Labs, CBLPath and American Esoteric Labs. In addition, Sonic acquired Aurora Diagnostics in January and many of its subsidiary labs had been AMCA clients as well. Other labs affected by the breach include CompuNet Clinical Labs, Inform Diagnostics, Natera and Penobscot Community Health Center in Maine.

The AMCA data breach is a huge headache for both the legal and information technology departments at affected labs. For example, Quest Diagnostics says that approximately 31 class action lawsuits related to the AMCA data hack have been filed against it. In addition, Attorneys General
offices from numerous states and the District of Columbia and certain U.S. senators are investigating the situation and requesting information from affected labs.

And finally, there is also the question of what happens to the legitimate past-due balances owed by more than 25 million patients to the affected labs? Assuming an average past-due balance of $20 per patient and a collection rate of 10% suggest there might be a total of $50 million worth of
writeoffs incurred by former AMCA lab clients.