July 20, 2019

Texas laboratory operator discloses additional AMCA data breach victims

On July 12, 2019, Clinical Pathology Laboratories, Inc (CPL), a Texas-based laboratory services company serving the southwestern region of the US, reported that Retrieval Masters Creditors Bureau (doing business as American Medical Collection Agency or AMCA) had informed the company of a data breach involving the AMCA payment site.  Specifically, AMCA, which collects debts for medical testing companies, disclosed to CPL that it became aware of the breach on March 21, 2019, investigated the incident, and informed CPL in May 2019.  CPL indicated that it is still investigating the matter, and that patient names, addresses, phone numbers, birthdates, medical service dates, balance information, credit card and bank account information, and provider identification, may have been affected by the breach.  CPL added that neither social security numbers nor patient medical records were exposed in the AMCA data security incident.

Media reports confirmed that CPL’s announcement relates to the same incident that affected Laboratory Corporation of America Holdings (LabCorp) and Quest Diagnostics Incorporated, and that 2.2 million of CPL patients’ records may have been involved.  This brings to nearly 22 million the number of people affected by the AMCA breach.

As a result of the data breach and its aftermath, on May 17, 2019, AMCA filed for protection under Chapter 11 in the US Bankruptcy Court for the Southern District of New York.

CPL announcement