AMCA Data Breach: Important Things Surrounding The Incident

The American Medical Collection Agency recently experienced a security breach. The AMCA data breach, unfortunately, has now revealed the personal information of over 20 million Americans.

Moreover, the exposed data caused by the AMCA data breach incident belongs to Americans who paid for laboratory work and uses AMCA’s billing portal.

Here’s what we know and what we learned.

Hack Went Undetected

The breach was first reported by

It took place after a hacker group compromised AMCA’s IT network. And, eventually stealing payment information.

Because of this, they can now sell it to the dark web.

This information includes names, phone numbers, dates of birth, and home addresses. Also, Social Security numbers, payment card details, and bank account information.

After being confronted, AMCA officials eventually admitted the incident.

According to AMCA, the incident spanned for 8 months, from August 1, 2018, to March 30, 2019.

Impacted Laboratories

  • Quest Diagnostics (11.9 million patients)
  • LabCorp (7.7 million patients)
  • BioReference Laboratories (Opko Health subsidiary, 422,600 patients)
  • Carecentrix (500,000 patients)
  • Sunrise Laboratories (undisclosed number of patients)

False Claims

AMCA initially claimed that only 200,000 patients are affected.

However, succeeding SEC filings by testing laboratories denied its original statements.

Filed Cases

  • In Washington, US Sen. Mark Warner (D-VA) requires the company to demonstrate its vetting process for selecting AMCA as a billing vendor.
  • Then, Democratic New Jersey Sens. Cory Booker and; 
  • Bob Menendez also forwarded letters to AMCA, Quest, and LabCorp

Whatever comes next, it’s certainly not good for AMCA, with authorities and the courts expected to come down hard on the billing vendor.

What Lessons We Learned

  • Companies can be held liable for their suppliers’ data breaches.

Yes, you can also be accountable for your suppliers’ data breaches. That’s why it is a good idea for supplier selection.

  • Businesses need to continually monitor their IT operations for suspicious activity.

As a result, you’ll notice if a data breach is occurring. Monitoring for suspicious activities frequently can be a key difference. Instead of finding out on the 7th month, it might be just in 7 hours. That’s a big disparity.

  • Companies must notify the victims affected by a breach on time.

Of course, you are required to notify individuals of data breaches if their data was stolen. Moreover, defectively managed notifications can increase the result of the data breach. Immediate notifications in a kind manner can help lessen negative feelings.

  • Data breaches are costly.

In the bankruptcy filing, AMCA noted that it incurred substantial costs due to the incident. What’s the amount? It is an absurd $3.8 million, just to mail millions of notices to patients. 

Aside from that, It also spent $400,000 to hire IT experts that can identify the source of the breach, diagnose its cause, and implement appropriate solutions.

Indeed, it is a costly problem.

  • Data breaches often lead to lost business — and worse.

A data breach can end in wasting existing customers. Also, missing out on future business opportunities, and even holding to file for bankruptcy or go out of business.

Rate this post:

Leave a Comment

Your email address will not be published. Required fields are marked *