The breach of web payment pages owned by AMCA (American Medical Collection Agency) by unnamed hackers that compromised personal and financial information of nearly 20 million patients, may also have compromised similar details of 422,600 more patients who underwent medical testing and diagnosis by BioReference, a subsidiary of OPKO Health Inc.
This was revealed by OPKO Health in a filing with the U.S. Securities and Exchange Commission in which the medical testing and diagnostics firm stated that it was informed about the data breach by AMCA on the 3rd of June and has ceased working with AMCA until investigations into the data breach are completed.
AMCA collects payments from patients on behalf of leading medical testing and diagnostics firms in the U.S. such as Quest Diagnostics, LabCorp, and Opko Health and also provides various services to a large number of laboratories, hospitals, physician groups, billing services, and medical providers across the US.
AMCA data breach impacted almost 20 million patients
The breach of sensitive personal and financial information of millions of US citizens took place when hackers gained unauthorised access to the web payments page owned by AMCA between August 1, 2018 and March 30, 2019. After the breach was detected, AMCA took down the affected web payments page, conducted an internal review, hired a third-party external forensics firm to investigate any potential security breach, and informed law enforcement about the incident.
Leading US diagnostics firms Quest Diagnostics and LabCorp revealed in separate filings with the SEC that the unauthorised intrusion that lasted eight long months compromised personal and financial information of 11.9 million and 7.7 million of their patients respectively.
Information compromised due to the unauthorised intrusion included first and last names, dates of birth, social security numbers, addresses, phone numbers, dates of service, providers, balance information, as well as credit card and bank account information.
422,600 OPKO Health patients impacted as well
OPKO Health Inc., another major diagnostics firm operating in the United States, recently revealed in a filing with the SEC that the data breach also impacted personal and financial information of as many as 422,600 patients for whom BioReference, its subsidiary, performed medical testing and diagnosis.
“AMCA has advised BioReference that data for approximately 422,600 patients for whom BioReference performed testing was stored in the affected AMCA system. AMCA advised that AMCA’s affected system includes information provided by BioReference that may have included patient name, date of birth, address, phone, date of service, provider, and balance information.
“In addition, the affected AMCA system also included credit card information, bank account information (but no passwords or security questions) and email addresses that were provided by the consumer to AMCA. AMCA has advised BioReference that no Social Security Numbers were compromised, and BioReference provided no laboratory results or diagnostic information to AMCA. BioReference has not been able to verify the accuracy of the information received from AMCA,” the firm said.
AMCA informed OPKO Health that out of the 422,600 patients, 6,600 patients may have suffered the loss of their credit card or bank account information that was stored in AMCA’s affected system. These patients will be offered identity protection and credit monitoring services for 24 months by AMCA.
“BioReference and the Company take data security very seriously, including the security of data handled by vendors. BioReference is currently seeking to obtain more information from AMCA and plans to promptly take additional steps as may be appropriate once more is known about the AMCA Incident.
“BioReference has not sent any collection requests to AMCA since October 2018, and it will not send any new collection requests to AMCA. In addition, BioReference has requested that AMCA cease continuing to work on any pending collection requests involving BioReference patients,” OPKO Health added.