Tuesday, March 2

Debt Collection Agency Breach Exposes Data From Millions of Diagnostic Patients

In today’s digital world, we’re constantly trying to make data more convenient to access. Edge computing and mobile data centers, for instance, allow for expanded location options and make it possible for companies to move these resources virtually anywhere in the world. Coupled with liquid immersion cooling — which can also improve data center design, location, and rack density — these improvements make it possible for users to obtain data at lightning-fast speeds.

Unfortunately, that may also mean that this data is more vulnerable than ever. Whether mobile data centers are utilized or not, security breaches are becoming more common all the time. We’re all too willing to connect to a public WiFi connection, enter our passwords and credit card information, and send emails containing sensitive personal information — all in the name of ease and speed.

Even when we personally take all of the necessary precautions, it’s entirely possible that the companies we trust to be compliant won’t do their due diligence. That’s essentially what happened with a recent breach experienced by Quest Diagnostics and LabCorp, two medical testing companies that relied on the same debt collection agency.

In 2016, debt collection agencies throughout the U.S. recovered approximately $78.5 billion in debt. However, American Medical Collection Agency — which is known as a particularly aggressive agency responsible for collecting money owed to a variety of businesses — ended up losing highly valuable information during a recent breach. Quest Diagnostics reported that some 11.9 million patients may have had their private information accessed, while competitor LabCorp has revealed that approximately 7.7 million of their patients may have been affected in the breach. Although laboratory test results were not included in the exposed information, consumers have been informed that other medical information (along with Social Security numbers and other financial data) may have been.

AMCA notified Quest Diagnostics on May 14 of “potential unauthorized activity on AMCA’s payment page,” and followed up on May 31 to notify them of the possible consumer information exposure. The collection agency has not yet provided Quest with detailed information as to what may have been included in the breach. Considering that Quest reportedly serves one in three American adults, as well as half of all physicians and hospitals in the U.S., the company is understandably concerned with the magnitude of the breach. Quest has since suspended the sending of any debt collection calls or letters through AMCA.

Following the news of the Quest breach, LabCorp filed a report with the U.S. Securities and Exchange Commission detailing information of a breach at AMCA that took place between August 1, 2018 and March 30, 2019 — several months before Quest was ever notified of any suspicious activity. LabCorp noted that exposed patient information could include names, dates of birth, addresses, phone numbers, health providers, dates of service, balance information, and payment data (including bank account and credit card information provided by the end consumer to AMCA). LabCorp does not store Social Security numbers or insurance identification information, nor does it provide lab or diagnostic information to AMCA, so the company maintains that this data remains protected. AMCA has not provided a list of affected LabCorp customers or additional information about the breach.

This latest breach shows what so many others have demonstrated: that data exposure can happen to just about anyone. If you’ve been informed your information is at risk, you should contact your credit reporting agency to place a fraud alert on your credit report. Contact your bank and credit card companies, as well as blocking any fraudulent charges to ensure these won’t show up on your credit report (you won’t have to freeze your accounts to take this step, either). If the affected company has offered to help in any way, take them up on their offer. Change all your passwords, file your taxes early, and monitor all of your accounts closely. While these events can be scary, the fact that they’re so common means that they may not be the end of the world. As long as you keep a sharp eye and contact every company you can, it’s possible to obtain a less-than-catastrophic outcome. That said, businesses need to do a better job of protecting their customers (even the ones who owe them money) from harm in the first place.

Leave a Reply