LabCorp Hit by Same Breach as Quest; 19M Patient Records Exposed in Total

June 6, 2019
Lab test results were not exposed in either breach, though other personal information may have been

Just a few days after Quest Diagnostics acknowledged that a billings collections vendor it works with suffered a data breach on its web payment system that may have exposed the information of nearly 12 million patients, another medical laboratory provider, LabCorp, said that that 7.7 million of its patients were also affected by the same breach.

The third-party company, the Elmsford, N.Y.-based American Medical Collection Agency (AMCA), disclosed to LabCorp that the unauthorized activity occurred between August 1, 2018, and March  30, 2019, according to the lab provider’s SEC filing. These were the same dates given in Quest’s SEC filing earlier this week.

According to the filing, “LabCorp has referred approximately 7.7  million consumers to AMCA whose data was stored in the affected AMCA system. AMCA’s affected system included information provided by LabCorp, [which] could include first and last name, date of birth, address, phone, date of service, provider, and balance information.”

The filing further noted that AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA, for those who sought to pay their balance.

LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA, and the billings collections vendor has advised LabCorp that Social Security numbers and insurance identification information are not stored or maintained for LabCorp consumers.

AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. However, AMCA has not yet provided LabCorp a list of the affected LabCorp consumers or more specific information about them, according to the filing. AMCA will be offering those 200,000 patients identity protection and credit monitoring services for 24 months.

In a June 3 statement posted to Quest’s website, its officials said, “AMCA has not yet provided Quest or Optum360 [who AMCA contracts with for payment services] detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected. And Quest has not been able to verify the accuracy of the information received from AMCA.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?