NEWARK, N.J. – U.S. Senators Bob Menendez and Cory Booker (both D-N.J.) today demanded answers from American Medical Collection Agency (AMCA), the third-party billing agency at the center of a data breach that has compromised the personal, financial and medical information of 20 million LabCorp, Quest Diagnostics, and Opko Health patients.
“Consumers should be able to have a reasonable expectation that, when they share their personal data with any company or its billing partner, such as AMCA, the data will be protected,” the senators wrote in a letter to AMCA President Russell Fuchs. “We must ensure that entities with access to patients’ personal, medical, and financial information understand their heightened duty to protect both the patient and their sensitive information, and that your company is taking both immediate and long-term steps to mitigate any harm.”
Earlier this week, Secaucus, N.J.-based Quest Diagnostics, the nation’s largest medical testing firm, reported that a several-months-long breach compromised the information of 12 million patients. LabCorp then reported that a hack affected another eight million patients, and yesterday, it was revealed that over 400,000 Opko Health patients were victimized. All three companies contract with AMCA for their billing.
“Such breaches make private, personal and financial information vulnerable to criminals, leading to potential identity theft and irreparable harm to their credit reports and financial futures,” the senators continued. “The potential exposure of a patient’s private medical records presents additional challenges in which such information could be used against patients in a discriminatory manner.”
Sens. Menendez and Booker have already initiated separate inquiries with Quest and LabCorp to get a better understanding of the breach’s scope and any remediation the companies plan to provide to victims.
Sen. Menendez has authored a package of consumer protection bills aimed at safeguarding Americans’ personal information from data breaches and holding accountable those companies who fail to do so.
Sen. Menendez has consistently led the response to massive corporate data breaches, including at Target, eBay, Home Depot, Equifax, and others. He led the call for Senate hearings into the Equifax breach, urged a top-to-bottom review of all three major credit reporting agencies, and joined a bipartisan group of 34 senators calling for investigations by the Securities and Exchange Commission (SEC), Department of Justice (DOJ) and Federal Trade Commission (FTC) into stock sales and potential insider trading.
The full text of the letter is below and can be downloaded here:
June 7, 2019
Russell Fuchs
American Medical Collection Agency
4 Westchester Plaza, Suite 110
Elmsford, NY 10523
Dear Mr. Fuchs:
We are deeply troubled by reports that a massive, eight-month-long data breach impacted two of American Medical Collection Agency’s (AMCA) partners, Quest Diagnostics Inc. and LabCorp, compromising the personal, financial, and medical information of a combined nearly 20 million patients.
Such breaches make private personal and financial information vulnerable to criminals, leading to potential identity theft and irreparable harm to their credit reports and financial futures. The potential exposure of a patient’s private medical records presents additional challenges in which such information could be used against patients in a discriminatory manner.
Consumers should be able to have a reasonable expectation that, when they share their personal data with any company or its billing partner, such as AMCA, the data will be protected. Further, patients have a right to expect nothing more from laboratory testing than accurate results and a fair bill; a risk of identity theft should not be part of their testing experience.
We request information from your company to better understand how a breach of this magnitude occurred and the ultimate impact on patients. We must ensure that entities with access to patients’ personal, medical, and financial information understand their heightened duty to protect both the patient and their sensitive information, and that your company is taking both immediate and long-term steps to mitigate any harm.
In light of these concerns, please provide responses to the following:
10. During the period in which the breach occurred, how many times did AMCA conduct a security test to evaluate AMCA systems, and, if so, why did it fail to detect the breach? Has AMCA done one since, and what were the results?
We request that AMCA respond to this request no later than June 14, 2019. Thank you for your prompt attention to this important issue.
Sincerely,
###