More healthcare organizations across the United States are coming forward and informing customers that they've been impacted by the data breach suffered by the American Medical Collection Agency (AMCA).
Those organizations who have come forward have all used the same press release template to notify customers. The only difference in the notice is the number of impacted customers and contact information for customers to call for more details.
The majority of patients had their name, address, phone number, birth date, dates of service, balance information, payment card or banking information, and treatment provider information compromised. Other patients had the same information compromised, minus any financial information.
Several organizations with more than 10,000 impacted patients notified customers last week, including the American Esoteric Laboratories, Sunrise Medical Laboratories, CBLPath, Laboratory Medicine Consultants, Austin Pathology Associates, South Texas Dermatology, and Pathology Solutions. These organizations make up 1,306,800 impacted victims and 34,000 victims with compromised financial/banking information.
Organizations with less than 10,000 impacted customers also notified victims, including the Laboratory of Dermatopathology ADX, Seacoast Pathology, Western Pathology Consultant, Arizona Dermatopathology, and Natera. These organizations make up 23,900 victims (Natera has not determined the number of impacted patients) and 1,890 victims with compromised financial details.
The AMCA breach surfaced early last month when two of its largest customers, LabCorp and Quest Diagnostics, filed 8-K forms with the U.S. Securities and Exchange Commission (SEC). 11.9 million Quest Diagnostics patients may have been impacted by the breach and 7.7 million LabCorp customers may have had their information compromised in the breach. It was later revealed that another 2.2 million Clinical Pathology Laboratories (CPL) may have also had their information stolen.
As companies continue to look to cut costs and outsource key responsibilities to third-parties, patient data will become increasingly more at risk to security incidents. The healthcare industry will always be a target for attackers given the breadth of information stored by such organizations. For healthcare organizations looking to strengthen their cybersecurity posture, consider NNT's solutions for the healthcare industry.
We combine the essential controls recommended by leading security frameworks like HIPAA HITECH and the CIS with a focus on change management. Once the controls are in place and organizations are able to correlate changes within their IT environment with an approved set of rules, these organizations will be better equipped to prevent and protect themselves and patients against all forms of risk.