It’s not just Quest: LabCorp says it was hacked too

Henrietta Brewer
June 6, 2019

The LabCorp hacking comes the same week Quest, another major medical testing company, announced millions of its patients' files may have been stolen in a separate data breach.

The company said it has referred millionsof customers to AMCA for billing collections, and 7.7 million customers had their data stored in the hacked system.

We don't yet know how expansive the breach really is: AMCA also works with various entities, including health insurers.

The American Medical Collection Agency told LabCorp that there was "unauthorized activity" on its payment collection page between August 1, 2018, and March 30, 2019, the U.S. Securities and Exchange Commission said in a filing.

The attack targeted the AMCA's website and skimmed personal information that included patient names, birth dates, addresses, phone numbers, dates of service, providers, and account balance.

AMCA does not store Social Security numbers for LabCorp patients, according to the collection agency.

The information on AMCA's systems included medical information and financial information, but AMCA had nothing to do with laboratory tests and, therefore, the tests were not impacted by the breach. Additionally, LabCorp confirmed that almost 200,000 patients also had their credit card or bank information stolen.

Quest also said it is investigating the matter further and will "ensure patients are appropriately notified consistent with the law". In its announcement Monday, Quest said the breach may have exposed some of its patients' Social Security numbers. AMCA is notifying them and will offer them "identity protection and credit monitoring services for 24 months".

"LabCorp takes data security very seriously, including the security of data handled by vendors".

Quest said it has suspended using AMCA and that it was using "forensic experts" to examine the issue.

"We remain committed to our system's security, data privacy, and the protection of personal information", the company said.

AMCA did not provide Quest with detailed or complete information on the breach, including who may have been affected, according to Quest.

Other reports by iNewsToday