AMCA Breach Victim Count Nears $24 Million

Over the past 10 days, several more healthcare providers have announced that they have been affected by the data breach at American Medical Collection Agency (AMCA). Quest Diagnostics, LabCorp, and BioReference Laboratories were the first to confirm they had been affected. More than 20 million patient records from those laboratories were exposed in the breach.

Clinical Pathology Associates was also badly affected. 2.2 million of its patients had their personal information exposed. More than a dozen other healthcare companies have now confirmed that they have received notification from AMCA that their patients’ data was also involved.

As it stands, 18 healthcare providers have confirmed they were affected, and almost 24 million records have been exposed. There could well be other healthcare providers affected by the breach. The final total is unlikely to be known for some time.

Many of the affected companies have complained that AMCA has been slow to release information and that requests to participate in the investigation have been turned down. Several of the companies that have recently made announcements said it was not possible to issue notifications to the media any sooner as they had incomplete information on the breach and were not sure how many patients had been affected.

Healthcare companies confirmed as having been affected by the AMCA data breach are detailed below, with the approximate number of records involved.

Healthcare Organization Records Exposed
Quest Diagnostics/Optum360 11,900,000
LabCorp 7,700,000
Clinical Pathology Associates 2,200,000
American Esoteric Laboratories 541,900
Carecentrix 500,000
Sunrise Medical Laboratories 427,000
BioReference Laboratories/Opko Health 422,600
CBLPath Inc. 148,900
Laboratory Medicine Consultants 147,600
Austin Pathology Associates 46,500
South Texas Dermatopathology PLLC 16,100
Pathology Solutions 13,300
Penobscot Community Health Center 13,000
Seacoast Pathology, Inc 10,000
Arizona Dermatopathology 7,000
Western Pathology Consultants 4,550
Laboratory of Dermatology ADX, LLC 4,240
Natera Unknown

 

Only a small percentage of the breach victims have had their financial information exposed. Those individuals have been notified by AMCA. All other individuals are likely to receive their notifications in the next few weeks.

AMCA has spent in excess of $3.8 million following the breach. Most of that money has been spent on breach notifications, hiring IT consultants, and investigating the breach. AMCA’s parent company has filed for Chapter 11 bankruptcy protection.

The breach is being investigated by state attorneys general and several senators have demanded answers. The HHS’ Office for Civil Rights will also be keen to investigate to determine whether HIPAA Rules were violated.