Clinical Pathology Laboratories notifies patients of security incident caused by AMCA data breach

• AMCA has sent notification letters to 34,500 CPL patients informing them about the data breach.
• While CPL’s investigation is ongoing, based on the information provided by AMCA, CPL estimates another 2.2 million patients to be impacted by the incident.

Clinical Pathology Laboratories (CPL) becomes the latest victim to notify its patients about a data breach that was caused due to the American Medical Collection Agency (AMCA) incident.

The big picture

In May 2019, AMCA informed CPL that personal information for some CPL patients that were stored in AMCA systems, were impacted in a security incident. Upon which, CPL launched an investigation to determine the nature and scope of the breach. Further, CPL has ceased doing business with AMCA.

CPL confirmed that the impact of this incident is limited to patients who live in the US and whose accounts were referred for debt collection.

“CPL takes the security of its patients’ information very seriously, including the security of data handled by vendors. The privacy and protection of patient information is a top priority. As a result of the investigation, CPL is no longer using AMCA for collection efforts. CPL greatly appreciates the patience and loyalty of its patients as it works to respond to this incident,” CPL said in a security notice.

What information was compromised?

• The compromised information includes CPL patients’ names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card information, and treatment provider information.
• AMCA confirmed that patients’ social security numbers were not involved in the incident.

What is the impact?

• AMCA has sent notification letters to 34,500 CPL patients informing them about the data breach.
• While CPL’s investigation is ongoing, based on the information provided by AMCA, CPL estimates another 2.2 million patients to be impacted by the incident.