A security breach at American Medical Collection Agency (AMCA), a provider of billing services for the US healthcare sector, has now exposed the personal and financial information of over 20 million Americans, possibly more. See also 10 dangerous app vulnerabilities to watch out for (free PDF) The exposed data belongs to Americans who paid laboratory work at various clinical and blood testing labs across the US and used AMCA’s billing portal. Hack went undetected for months The breach, first reported by DataBreaches.net, took place after a hacker group compromised AMCA’s IT network and stole payment information, which they later put up for sale on carding forums. Exposed data included names, home addresses, phone numbers, dates of birth, Social Security numbers, payment card details, and bank account information. After being confronted about the hack, AMCA officials admitted to the security incident, which they said lasted from August 1, 2018, to March 30, 2019, a period of eight months. Since officially confirming the breach, several of AMCA’s corporate clients (testing labs) have now also started notifying their own customers of their billing partner’s security snafu. The list of impacted testing laboratories includes Quest Diagnostics (11.9 million patients), LabCorp (7.7 million patients), BioReference Laboratories (Opko Health subsidiary, 422,600 patients), Carecentrix (500,000 patients), and Sunrise Laboratories (undisclosed number of patients). Lots of problems ahead Neither AMCA nor its five customers have yet to notify all users impacted by the breach, which may pose issues for all involved parties. AMCA initially claimed that only 200,000… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.