Healthcare data breach html
I have no idea why I haven’t been seeing this massive healthcare data breach in the news, which impacts customers of companies like Quest Diagnostics and LabCorp. But when I saw a letter come in the mail from American Medical Collection Agency, I googled the company and….learned all about it. Particularly from a helpful article at Health IT Security.
Mainstream news does not seem to be running the story for some reason, or at least not prominently.
Who’s impacted by the healthcare data breach
Quest Diagnostics disclosed June 3 that 11.9 million customers may have had their medical and financial information exposed over an 8 month period due to a breach at American Medical Collection Agency (AMCA), a billing collections vendor.
The AMCA is the billings provider for Quest, LabCorp, Opko Health, which are the three companies impacted as of now. (AMCA also works with BioReference Laboratories, CareCentrix and Sunrise Laboratories) If you’ve ever gotten a bill from one of these companies, or owed even $3 in lab fees (or a lot more) to after fighting with your insurance company over payments and it went to collections, you are likely impacted.
The breach includes many as 20 million total accounts, with up to 7.7 million people from LabCorp and a smaller number from Opko.
What info do the hackers have?
The most likely information is access to personal info like address and birth date (of less importance), but more critically, credit card and bank account numbers, social security numbers, and private medical records like lab test order info.
When did this happen?
Evidently, the payment system was compromised back in August of 2018 through March of 2019. Even so, customers are just learning about it now.
One class action lawsuit against LabCorp alleges that the company “should have known of the data breach no later than March 2019, and although AMCA knew of it far earlier than that, neither took any steps to notify patients whose information was affected until June 4, 2019.” Separately, Quest notified customers June 3.
Opko Health only found out from AMCA that their records were involved, and notified customers June 6,
What you can do if you’re impacted by the healthcare data breach.
As with any data breach, you can’t do a lot, especially if your social security number was accessed, but you can join the class action suit you’ll want to take a few basic precautions
-Change passwords you may have with a lab company or other medical service. Be sure to make them strong.
-Consider starting to use a service like 1Password that not only encrypts and saves all your passwords, but helps you generate new ones in a snap. We’ve been saying this for years! (They’re now an affiliate, but we love them.)
-Take a good look at your bank and credit card statements going back to August 2018, just to be sure there are no suspicious charges. If there are, contact ur bank or credit card company immediately.
-Despite the cynical name, HaveIBeenPwnd.com is an excellent site for checking the security of your own info, just by typing in any email addresses you may use. Yours may be one of the 7 billion accounts affected over the years (yes, billion) if not with the AMCA medical data breach, then with others ranging from Whatsapp to Zappos to VIZIO, Target and more.
Forewarned is forearmed.
Top image Hush Naidoo on Unsplash