A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them. The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Today, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach.
The attack targeted at AMCA’s website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British Airways, Ticketmaster and Newegg late last year.
According to Quest Diagnostics’ SEC filing, AMCA’s payment system was compromised on August 1, 2018 and remained vulnerable through March 30. Exposed information includes patient names, dates of birth, addresses, phone numbers, dates of service, providers and balance information. LabCorp disclosed that about 200,000 people also had their credit card or bank account information stolen. Medical data and laboratory test results were not exposed.