What to Know
- Blood testing provider LabCorp said late Tuesday it was a victim of the same data breach that affected its peer Quest Diagnostics
- Up to 7.7 million customers’ records potentially have been compromised
- Quest said it was told that as of May 31, information on roughly 11.9 million of its patients was stored on the affected system
Blood testing provider LabCorp said late Tuesday it was a victim of the same data breach that affected its peer Quest Diagnostics, with up to 7.7 million customers’ records potentially compromised.
Just like Quest, LabCorp was notified that there was unauthorized access to AMCA systems, a billing collections vendor the company uses, between Aug. 1, 2018, and March 30, 2019.
According to an SEC filing Tuesday night, data stored in the AMCA system from LabCorp includes consumers' credit card and bank account information, as well as first and last name, date of birth, address, phone, date of service, provider and balance information.
AMCA is in the process of sending notices to 200,000 LabCorp consumers whose credit card or bank account information may have been accessed, the filing read.
Quest, one of the biggest blood testing providers in the country, warned on Monday that nearly 12 million of its customers may have had personal, financial and medical information breached due to an issue with one of its vendors.
"(The) information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers)," Quest said in the filing.
While customers' broad medical information might have been compromised, Quest said AMCA did not have access to actual lab test results, and so therefore that data was not impacted.
Quest said it was told that as of May 31, information on roughly 11.9 million of its patients was stored on the affected AMCA system.
In a statement later Monday, the firm representing the American Medical Collection System said it was investigating the "data incident."
"Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page," the statement said. "We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information."