Security News

American Medical Collection Agency Data Breach Lasted 8 Months and Affects Millions

Around 20 million people may have had their details compromised at the American Medical Collection Agency (AMCA), after a cyber breach that lasted eight months (Aug 1, 2018 - March 30, 2019).

The details were from patients who paid for work done at labs that used AMCA's billing portal, including Quest Diagnostics, LabCorp, BioReference Laboratories, Carecentrix, and Sunrise Laboratories. The data includes names, addresses, phone numbers, payment card details, bank account information and Social Security numbers.

The breach came to light in late February 2019, when Gemini Advisory identified "a large number of compromised payment cards while monitoring dark web marketplaces". Initial estimate suggested approximately 10,000 victims. However, that figure rose to 200,000 and "these records are continually being added to the dark web". AMCA initially admitted to the 200,000 figure, but when the list of testing laboratories grew, so did the number of patients who might be affected (between them, Quest and Labcorp have over 19 million patients).

At the time of writing, the pay.amcaonline.com website is down and reads, "Sorry: Our online payment system is unavailable at the moment."

If dealing with the breach isn't bad enough, US authorities are investigating the matter and dozens of lawsuits have been filed.

UPDATE: On June 18, The Register reported that "Retrieval Masters Creditors Bureau, aka American Medical Collection Agency, told the Southern New York US District Court this week that it was seeking chapter 11 bankruptcy protection. That means it's asked a judge to shield it for up to 18 months from creditors' lawsuits, in which money owed is demanded, while it gets its finances in order."

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join 916 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: