Breach at Collections Agency Exposed Healthcare and Financial Information
A data breach at American Medical Collection Agency has affected nearly 12 million patients who had lab tests performed by Quest Diagnostics. The incident, which appears to be the biggest health data breach to be revealed so far in 2019, exposed financial data, Social Security numbers and certain medical information, the lab test firm reports.
In a statement Monday, Secaucus, New Jersey-based Quest Diagnostics says AMCA, based in Elmsford, New York, informed the lab testing firm in May that an “unauthorized user” had access to AMCA’s system containing personal information the collections agency received from various entities, including from Quest.
Quest Diagnostics says AMCA provides billing collections services to revenue cycle management firm Optum360, whichis is a Quest contractor. “Quest and Optum360 are working with forensic experts to investigate the matter,” Quest Diagnostics says. Optum360 is a unit of the health insurance company UnitedHealth Group.
In its statement, Quest Diagnostics says AMCA first notified it and Optum360 on May 14 of potential “unauthorized activity” on AMCA’s web payment page.
“On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA’s affected system included information regarding approximately 11.9 million Quest patients. AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results,” the Quest statement says.
The lab test firm says AMCA has not yet provided it, or Optum360, with complete information about the data security incident, including what information on which individuals may have been affected. And Quest Diagnostics reports that it has not been able to verify the accuracy of the information received from AMCA.
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA,” the lab test firm says in its statement. The company says it will work with Optum360 “to ensure that Quest patients are appropriately notified consistent with the law.”
AMCA, Quest and Optum360 did not immediately respond to Information Security Media Group’s requests for details on the breach, including the nature of the incident, the type of data exposed and whether additional AMCA clients may have been affected.
Largest Health Data Breach of 2019?
As of Monday, the incident was not yet listed on the Department of Health and Human Service’ HIPAA Breach Reporting Tool website that lists major health data breaches impacting 500 or more individuals. But if details of the AMCA incident are confirmed by HHS’ Office for Civil Rights, the health data breach would be the largest, by far, in 2019.
As of Monday, the largest breach added to the tally so far in this year was an incident impacting nearly 1.6 million individuals that involved a misconfigured server of Puerto Rico-based clearinghouse and cloud software services provider Inmediata Health Group.
No tags for this post.
Based Blockchain Network