Eight months after a disastrous data breach, the US-based medical bill and debt collector, American Medical Collection Agency (AMCA), has filed for Chapter 11 bankruptcy protection. This will enable AMCA to shore up its finances while being protected from creditors’ lawsuits and aggressive collection agencies.
According to a report from SC Magazine, Retrieval-Masters Creditors Bureau Inc., AMCA’s mother company, filed in the Southern District of New York with the aim of liquidating the company.
Tracing back, AMCA was reported to have been hacked last year, from August of 2018 to March of 2019. The said breach has exposed the PHI of around 20 million patients from its corporate clients. This includes patients from Quest Diagnostics (12 million records exposed), LabCorp (8 million), BioReference Laboratories (423,000), Carecentrix (500,000), and Sunrise Laboratories.
It was only in March that the medical bill collector firm discovered about the breach. This was when a lopsided record of credit cards that interacted with the firm’s web portal was linked to fraudulent transactions. On May 31, they began notifying the impacted clients.
After the reveal, multiple class-action lawsuits were reported to have been filed against AMCA and its corporate clients, including Quest Diagnostics and LabCorp.
Company founder and CEO Russell H. Fuchs explained to the court that the data breach resulted in a chain of events that forced the company to seek liquidation. Among the different reasons including the loss of a number of clients, piling up of around $4 million in fees and expenses, and the reduction of its 113 staffers to 25.
In the filing documents, it states: “Almost immediately upon learning of the breach, LabCorp unqualifiedly and indefinitely terminated its relationship with the Debtor.”
“Soon after, Quest Diagnostics, Conduent, Inc., and CareCentrix, Inc. which together with LabCorp were the Debtor’s four largest clients, stopped sending new work to the Debtor, and all terminated or substantially curtailed their business relationships with the Debtor.”
In the same document, CEO Fuchs said its parent firm, RMCB, has hired IT professionals and consultants from three firms to detect the source of the breach and come up with appropriate solutions.
“To date, these expenses alone cost approximately $400,000, and have effectively shut down outside entry into the [company’s] IT network by severely restricting access via the employment of individual authentication mechanisms, VPN access, or specifically vetted ‘whitelists’ of pre-approved IPs,” the filing states.