ANNAPOLIS, Md. — Your medical and other private information may have been compromised by a cyberattack against American Medical Collection Agency (AMCA), according to Maryland Attorney General Brian E. Frosh.
The AMCA is a third party collection agency for laboratories, hospitals, physician groups, medical providers and others.
The list of impacted people affects more than 20 million patients. The list is likely to expand and includes the following entities:
- Quest Diagnostics: 11.9 million patients
- LabCorp: 7.7 million patients
- BioReference Laboratories: 422,600 patients
- Carecentrix: 500,000 patients
- Sunrise Laboratories: unknown number of patients
The compromised information varies for each entity, but includes some or all of the following information:
- Patient name
- Date of birth
- Address
- Phone number
- Date of service
- Provider
- Balance information
- Payment card information
- Bank account information
- Social security number
- Your last lab test performed
The AMCA’s payment system was compromised on August 1, 2018, and remained vulnerable through March 30, 2019.
AMCA has started sending out written notices to consumers whose credit card number, social security number, or lab test order information may have been accessed.
Consumers who believe they may have been affected by this breach should immediately take the following steps to protect their information:
- Obtain a free credit report at www.annualcreditreport.com or by calling 877-322-8228.
- Put a fraud alert on your credit file.
- Consider a security freeze on your credit file (for more information about freezes, visit http://www.marylandattorneygeneral.gov/Pages/IdentityTheft/freezing.aspx.
- Take advantage of any free services being offered as a result of the breach.
- Use two-factor authentication on your online accounts whenever available.
If consumers feel they have been harmed and want to file a complaint, they may call the Attorney General’s Identity Theft Unit at 410-576-6491.