BreachExchange mailing list archives
Over 400,000 Opko Health Clients Impacted by AMCA Data Breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 7 Jun 2019 05:15:13 -0500
https://www.bleepingcomputer.com/news/security/over-400-000-opko-health-clients-impacted-by-amca-data-breach/

Medical tests and medication firm OPKO Health Inc present in over 30 countries says that one of its subsidiaries, BioReference Laboratories Inc, was notified by American Medical Collection Agency (AMCA) of unauthorized activity on its web payment page.

This new breach notification follows previous breach reports received by diagnostic services provider Quest Diagnostics Incorporated and Laboratory Corporation of America Holdings (LabCorp) from AMCA. In these two breaches alone, roughly 19 million of their customers have been impacted by unauthorized access to the companies' data stored on AMCA's systems.

According to a filing with U.S. Securities and Exchange Commission (SEC), AMCA told the OPKO Health subsidiary that an unauthorized party accessed the BioReference medical test data of around 422,600 patients between August 1, 2018, and March 30, 2019.

In addition, the accessed data also contained payment information and PII data:

AMCA advised that AMCA’s affected system includes information provided by BioReference that may have included patient name, date of birth, address, phone, date of service, provider, and balance information. In addition, the affected AMCA system also included credit card information, bank account information (but no passwords or security questions) and email addresses that were provided by the consumer to AMCA.

AMCA told BioReference that "no Social Security Numbers were compromised" in the breach and, according to the OPKO Health subsidiary "no laboratory results or diagnostic information" were provided and stored on AMCA systems.

The SEC filing also states that AMCA will send breach notifications to "6,600 patients for whom BioReference performed laboratory testing" whose bank account and credit card info was stored on the breached systems.

State attorneys general and other state agencies will also be notified by AMCA regarding the data breach "as required by applicable state data breach laws."

Additionally, the billing collection provider reported the "AMCA Incident" to law enforcement agencies and shut down the breached web payments page:

AMCA has reported to BioReference that it is continuing to investigate this incident, has reported the AMCA Incident to law enforcement and has taken steps to increase the security of its systems, processes, and data, including shutting down its web payments page, migrating it to a third-party vendor, and hiring a cybersecurity firm to implement various safeguards to increase security.

As detailed by BioReference in the breach report filed with the SEC, no collections requests have been sent to AMCA since October 2018 and the company has also requested AMCA to "cease continuing to work on any pending collection requests involving BioReference patients."

According to its website, AMCA is the "leading recovery agency for patient collection" and it is "managing over $1BN in annual receivables for a diverse client base," servicing "laboratories, hospitals, physician groups, billing services, and medical providers all across the country."