Add Penobscot Community Health Center in Maine to the list of entities that had patients affected by the American Medical Collections Agency hack.They posted the following notice on their website:
PCHC values the privacy and confidentiality of its patients’ information. Regrettably, this notice is regarding the American Medical Collection Agency (AMCA) incident, which you may have recently heard about in the news or about which you recently received notice by letter. PCHC contracted with AMCA for billing collection services.
On May 15, 2019, AMCA advised PCHC that between August 1,2018 and March 30, 2019, an unauthorized person may have had access to AMCA’s systems. Some of PCHC’s patients’ information was contained in the AMCA system, including names, dates of birth, name of referring medical provider, and other medical information related to services received at PCHC. In some cases, patients’ credit card information may also have been contained in AMCA’s systems. AMCA has informed PCHC that no health records, diagnosis, or treatment information was impacted by this incident.
PCHC began mailing notification letters to affected patients on July 12, 2019. PCHC recommends affected patients review the statements they receive from their health care providers. If they see services they did not receive, please contact the provider immediately. If you believe you may have been affected by this incident and do not receive a letter by August 5, 2019, please call 1-844-243-3018, Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time.
PCHC deeply regrets any concern or inconvenience this incident may cause our patients. PCHC has since ceased doing business with AMCA and is taking steps to retrieve and secure all PCHC information contained in AMCA’s systems.
FAQs
Q1. What happened?
On May 15, 2019, American Medical Collection Agency advised us that between August 1,2018 and March 30, 2019, an unauthorized person may have had access to AMCA’s systems. PCHC contracted with AMCA for billing collection services. Some of our patients’ information was contained in the AMCA system, including names, dates of birth, name of referring medical provider, and other medical information related to services received at PCHC. In some cases, patients’ credit card information may also have been contained in AMCA’s systems. AMCA has informed us that no health records, diagnosis, or treatment information was impacted by this incident.
Q2. When and how did PCHC discover this incident?
On May 15, 2019, PCHC received notice from AMCA of a possible security incident.
Q3. How many patients were affected?
Approximately 13,000 PCHC patients were potentially affected by the AMCA breach.
Q4. Did AMCA’s system contain information for all PCHC patients?
No. Only those PCHC patients whose accounts were sent to AMCA for debt collection may have had information on AMCA’s affected system. PCHC systems were not affected.
Q5. Is it safe for me to use my credit card to pay for services via phone or at a PCHC location?
Yes. PCHC did not share your credit card information with AMCA.
Q6. Is there a phone number I can call to receive more information or to ask question?
Yes. Please dial 1-844-243-3018, Monday through Friday, 9:00 a.m. to 6:30 p.m., Eastern Time.
Q7. How can I find out if my information was in AMCA’s affected system?
On July 12, 2019, PCHC mailed letters to patients who AMCA advised may have had information in their systems. Additionally, AMCA reported that it previously mailed letters to those PCHC patients who may have had credit card information in the AMCA system. You can also call 1-844-243-2018, Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time
Q8. What information may have been affected?
AMCA informed us that some PCHC patients’ information may have been contained in the AMCA systems, including patients’ names, dates of birth, referring medical providers, and other medical information related to care received at PCHC. In some limited cases, PCHC patients’ credit card information may have been included. AMCA advised PCHC that no medical records, lab results, or diagnoses were involved.
Q10. If my financial data was part of the AMCA security incident, will I receive credit monitoring to protect my accounts against unauthorized use?
PCHC has been advised by AMCA that those individuals whose credit card information was involved were offered 24 months of complimentary credit monitoring and identity theft protection services in the letter previously sent by.
Q12. What steps has PCHC taken in response to this incident?
PCHC has ceased doing business with AMCA and is taking steps to retrieve and secure all PCHC information contained in its systems.