12 million patients affected

Henrietta Strickland
Июня 6, 2019

A day after Quest Diagnostics said its customers' data has potentially been compromised, rival LabCorp said its patients' personal information may have been exposed, too.

Three companies will be receiving letters demanding information about a data breach that has affected 12 million people around the country per Michigan Attorney General Dana Nessel.

The clinical laboratory company said in a release that an "unauthorized user" gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum360.

Among the patient information possibly compromised in the LabCorp breach are the first and last names, dates of birth, addresses, phone numbers, dates of service, providers and balance information.

According to information reported publicly by Quest Diagnostics on June 3, they were notified of the breach by AMCA on May 14 and were provided with the number of impacted patients on May 31.

LabCorp said AMCA has not yet provided it with a list of affected patients.

"LabCorp is working closely with AMCA to obtain more information and to take additional steps as may be appropriate once more is known about the AMCA incident", LabCorp wrote in its filing.

Quest also said it is investigating the matter further and will "ensure patients are appropriately notified consistent with the law". Independent security reporter Brian Krebs noted in a blog posting about the LabCorp disclosure that AMCA also does business as Retrieval Masters Creditors Bureau. Unlike LabCorp, Quest said the exposed information may have included Social Security numbers and medical information, but not test results. In an effort to soothe customer concerns, LabCorp will offer identify protection and credit monitoring services for 2 years.

"We remain committed to our system's security, data privacy, and the protection of personal information", the company said.

AMCA, which works primarily with health care companies, said in a statement Wednesday that it learned of the breach from a security firm that works with credit card companies.

Other reports by

Discuss This Article