Update: Over 20 million affected in massive AMCA data breach

• The data was compromised after AMCA’s payment system was breached on August 1, 2018, and remained vulnerable till March 30, 2019.
• AMCA has started notifying consumers whose credit card number, social security number or lab test order information may have been accessed.

Maryland Attorney General Brian E. Frosh is alerting Marylanders that their medical and other private information may have been compromised in the massive AMCA data breach. The data breach has impacted over 20 million patients of five diagnostic firms that took services from American Medical Collection Agency.

Who are the victims?

The companies that were affected in the data breach are:

• Quest Diagnostics: 11.9 million patients
• LabCorp: 7.7 million patients
• BioReference Laboratories: 422,600 patients
• Carecentrix: 500,000 patients
• Sunrise Laboratories: unknown number of patients

The data of these companies were compromised after AMCA’s payment system was breached on August 1, 2018 and remained vulnerable till March 30, 2019.

What data was involved?

Although the compromised information varies for each victim company, but it includes some or all of the following:

• Patient Name
• Date of Birth
• Address
• Phone Number
• Date of Service
• Provider
• Balance Information
• Payment Card Information
• Bank Account Information
• Social Security Number
• Lab Test Performed

How is the situation being addressed?

AMCA has started notifying consumers whose credit card number, social security number or lab test order information may have been accessed.

Meanwhile, General Frosh has also urged consumers to review their financial and medical accounts for suspicious activity.

“Massive data breaches like the one experienced by the AMCA are extremely alarming, especially considering the likelihood that personal, financial, and medical information may now be in the hands of thieves and scammers,” said General Frosh, CBS Baltimore reported.