The data breach at AMCA is slowly turning out to be massive as the name of another victim company comes to the light. The recent update is that the data breach has impacted over 400,000 patients related to Opko Health Inc.
What’s the update?
In a file submitted to the US Securities and Exchange Commission (SEC), AMCA has revealed that the OPKO Health subsidiary, BioReference Laboratories Inc, was also a victim of the data breach. The breach had occurred after hackers gained unauthorized access to AMCA’s web payment page.
Following the breach, the unauthorized party has accessed the BioReference medical test data of around 422,600 patients between August 1, 2018, and March 30, 2019. Apart from this, the accessed data also contained payment information and PII of patients.
American Medical Collection Agency informed Opko Health that the compromised data may include credit card and bank account information, email addresses and other data such as physical addresses, phone numbers, and balance information.
However, no social security number, bank account passwords or security questions have been compromised in the breach.
What actions have been taken?
AMCA has reported BioReference Laboratories Inc about the breach. In addition, it has also informed the law enforcement agency.
The SEC filing also states that AMCA will send breach notification to nearly 6,600 customers that availed Opko’s testing services and whose bank account & credit card info was stored on the breached system.
The bottom line
AMCA has hired an external forensic firm to investigate the matter. It has also migrated its web payment services to a third-party vendor. The data breach has also affected other diagnostic services providers Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp).