In June 2019, American Medical Collection Agency (AMCA) reported a huge breach that affected more than 20 million patients and their related protected health Information (PHI).

The people affected are those who had laboratory work completed at various facilities but used AMCA’s billing portal to pay for those lab services.

Originally, Gemini Advisory discovered the issue in February 2019 and reported it to  Gemini Advisory discovered that the information from the breach was being sold on the dark net.  In this initial finding, there were about 8,000 victims.  However, upon further research, Gemini Advisory discovered the breach went back about 7 months and had affected more than 200,000 patients.

On March 1, 2019, Gemini attempted to contact AMCA, but did not receive a response.  The company then notified law enforcement who began an investigation.

As things have progressed and more investigations have happened, the number of victims began to rise rather quickly.  At one point, it was up to 7.7 million people affected by the breach.  Later, as more laboratories began reporting their findings, the total reached more than 20 million victims.

The different labs that were affected include LabCorp, Quest Diagnostics, and BioReference Labs, which is a subsidiary of OPKO Health, Inc.

The information that was breached may include patient names, dates of birth, mailing and email addresses, phone numbers, provider’s names, dates of service, and monetary amounts due.  Thankfully, the system did not store Social Security Numbers.

Because health care debt collectors often receive information about payment for health care, they are required to be HIPAA compliant like other business associates.  This is a good reminder for all business associates, whether they are health care debt collectors or not, to ensure they are taking all the steps necessary to protect their patients’ or customers’ PHI.

Join HIPAAgps today to learn what steps to take to protect your patients’ information.  We offer a 7-day risk-free trial to get you started.