DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

And so it begins… state attorneys general investigating American Medical Collection Agency breach

Posted on June 8, 2019 by Dissent

From the Illinois Attorney General’s Office:

Chicago — Attorney General Kwame Raoul and Connecticut Attorney General William Tong today announced an investigation into the data breach at American Medical Collection Agency, which may have exposed the personal information of nearly 12 million patients of Quest Diagnostics (Quest) and 7.7 million Laboratory Corporation of America (LabCorp) patients.

Raoul and Tong issued letters this week to American Medical Collection Agency, Quest, and LabCorp requesting additional information about the recently reported data breach that compromised the health and financial data of potentially millions of patients. The breach was reportedly the result of malicious activity on the payment page of American Medical Collection Agency’s website. The company is a third-party collection vendor for the two medical testing companies.

“The last thing patients should have to worry about is whether their personal information has been compromised by the entities responsible for protecting it,” Raoul said. “I am committed to ensuring that impacted patients receive timely notification and that the companies involved take precautions to protect consumers’ sensitive health and financial information in the future.”

“Sensitive personal information of millions of patients may have been compromised, and I am deeply concerned about the adequacy of the plans in place to notify and protect all affected individuals. It is important to determine the cause of this serious data breach and what steps these companies are taking to ensure this does not happen again,” Tong said.

In the letters, Raoul and Tong are requesting each company provide the total number of residents in Illinois, Connecticut and nationwide affected by the breach; a breakdown of the categories of personal information compromised; and information describing how the companies intend to inform and protect impacted residents. Raoul and Tong are also seeking the facts and circumstances surrounding the breach, measures the companies had in place to protect patient data privacy, and plans to prevent a future breach.

Patients who may have been impacted by the breach should receive notification from one of the companies involved, as well as information detailing additional steps they should take.

Raoul encourages patients concerned that their personal information has been compromised to consider requesting a free security freeze from the three credit reporting agencies – Equifax, Experian, and TransUnion – in writing, over the phone or online. A security freeze can help prevent identity theft because most businesses will not open credit accounts without first checking a consumer’s credit history. Once a consumer freezes their credit files, even someone who has the consumer’s name and Social Security number will likely not be able to obtain credit in the consumer’s name. Credit bureaus cannot charge fees to place, lift, or temporarily lift a credit freeze. Additionally, Raoul recommends consumers monitor their credit regularly by requesting one free credit report annually from each of the credit reporting agencies.

And of course, some members of Congress have already sent inquiries to AMCA and the covered entities.

Category: Commentaries and AnalysesHealth DataSubcontractorU.S.

Post navigation

← “Achilles”, Hacker Behind Attacks on Military Shipbuilders, UNICEF & International Corporations
SG: Firm fined $4k by PDPC for leak of more than 400 national servicemen’s data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.