A security breach at American Medical Collection Agency (AMCA), a provider of billing services for the US healthcare sector, has now exposed the personal and financial information of over 20 million Americans, possibly more. The exposed data belongs to Americans who paid laboratory work at various clinical and blood testing labs across the US and used AMCA's billing portal. Since officially confirming the breach, several of AMCA's corporate clients (testing labs) have now also started notifying their own customers of their billing partner's security snafu. AMCA initially claimed that only 200,000 patients had their data stolen by hackers, but subsequent SEC filings by testing laboratories contradicted its initial statements. In Washington, US Sen. Mark Warner (D-VA) also sent a letter to Quest Laboratories demanding the company explain its vetting process for selecting AMCA as a billing vendor, and what requirements a third-party vendor has to pass. Cory Booker and Bob Menendez also sent letters to AMCA, Quest, and LabCorp, seeking official answers on how a breach of this severity went undetected for eight months.