Data Breach: Almost 20 Million Patient’s Data Stolen in 2 Separate Medical Laboratory Data Breaches

Just a few days after Quest Diagnostics reported that a data breach compromised the information of 11.9 million patients, LabCorp is reporting that it was breached as well, affecting 7.7 million additional records.

What happened?

An unauthorized user installed malicious code on the payment pages of the American Medical Collection Agency (AMCA), a 3rd party merchant who collects payment information on behalf of medical testing/diagnostics companies. Once this code was installed, the information was skimmed using the malicious code. Among the data were credit card numbers, medical information and other personal data (including social security information). AMCA claims the malicious code was put in place as early as August 2018 until being discovered in March 2019.

AMCA Spokesperson Jennifer Kain said that AMCA was “investigating” the incident and said in a statement through Brunswick Group – “Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page.” – Source – TechCrunch

What can I do?

If you think you have been affected, you should follow the “Three M’s”, a tactic from CyberScout founder Adam Levin: Minimize Risk of Exposure, Monitor Effectively & Manage the Damage.

In a recent Fox Business article, he goes into more detail:

“In a case like Quest Diagnostics, Levin’s first course of action is to set up fraud alerts by contacting one of the credit protection agencies. Second, he suggests people seriously consider freezing their credit card so no one else has access to their credit for purposes of opening accounts under their name. Another tip Levin recommends is checking your credit report regularly to avoid any surprises on your score. “You should be tracking your credit scores in the event they take a sudden precipitous drop you can’t explain,” Levin told FOX Business’ Neil Cavuto. on Tuesday.

He also recommends signing up for transactional monitoring alerts which are provided free of charge by financial institutions to notify you any time there’s activity in your account.”

As always, feel free to reach out to SandStorm IT with any question regarding any type of online privacy or security questions. We can be reached at 901-475-0275.