by John R. Fischer
, Senior Reporter | June 04, 2019
A security breach of AMCA has
put nearly 12 million patients
Financial details of nearly 12 million patients may be at risk following a security breach at American Medical Collection Agency.
The billing collections service provider is currently taking steps to address the situation and mitigate damage, while informing clientele of the incident, including Quest Diagnostics, a blood testing company which, along with one of its contractors, Optum360, utilizes AMCA’s billing collection services.
“On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA’s affected system included information regarding approximately 11.9 million Quest patients. AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results," said a Quest spokesperson in a statement to HCB News, adding that "Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information."
Quest has since suspended transmission of collection requests to AMCA and is working with Optum 360 to ensure patients are notified of the situation, in accordance with the law. No lab test results were breached, according to The Hill
It is, however, unable to verify the accuracy of the information received from AMCA at this time, and says that it has not received “complete information” on the breach, including details on which customers were impacted.
In response, AMCA says it has taken a number of steps to investigate the matter. "We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system," Jennifer Kain, a company spokesperson, told HCB News. "Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page. We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information."