The Laboratory Corporation of America (LabCorp) revealed that a privacy attack has exposed the information of 7.7 million consumers. The breach occurred at an external company tasked for billing collections. This compromised the personal and financial details of millions of patients.
Reports say that American Medical Collection Agency (AMCA) is the billing company in question. AMCA mainly partners up with health-care firms.
The attack on LabCorp came into light after also disclosed an attack with another client, Quest Diagnostics. The third-party collections company divulged that the attack resulted in the leak of around 11.9 million Quest Diagnostics patients.
A day after the disclosure of the Quest Dynamics hack, the billing company revealed the LabCorp attack. Investigations for the attacks are underway. AMCA is reportedly increasing security measures to protect its data and systems.
According to LabCorp, clients’ records for laboratory tests and results are safe despite the incident. However, this led to the uncovering over 200,000 credit card and bank account information. AMCA assured the medical laboratory that it is acting to inform patients involved.
AMCA remarked that info about the breach came from a security company that collaborates with credit card service providers. Upon learning about the attack, it has removed the online payment feature from its website. It has also enlisted the help of an external auditing company for systems reviews.
To compensate for potential security issues, the billing firm will provide free credit monitoring to victims. The offer is applicable for two years. This covers clients who had their Social Security numbers and credit card details leaked.
As of this writing, the collections company has transferred its online payments to a third-party service provider.
AMCA is the service provider for Optum360, a part of UnitedHealth Group. Optum360 is the billing contractor for Quest Diagnostics.
As with the LabCorp incident, this attack also compromised patients’ financial data, Social Security numbers and medical info. AMCA clarified that unauthorized users did not acquire laboratory results.
Optum360 clarified that its own data was not leaked. It is also working with Quest and AMCA to take action to resolve the matter.
Meanwhile, the incident is not classified as one of the largest breaches in recent news. The two largest hacks were 2016’s Yahoo breach, which compromised the data of 1 billion customers. This is followed by 2017’s Equifax issue which disclosed the details of 145.5 million consumers.