June 05, 2019
LabCorp says the personal, financial and medical information of 7.7 million of its customers may have been affected by the same security breach that impacted rival clinical laboratory network Quest Diagnostics.
In documents filed with the the Securities and Exchange Commission on Tuesday, the LabCorp stated that customer information provided by the diagnostic network to the American Medical Collection Agency may have been hacked.
The American Medical Collection Agency is a third-party bill collector used by LabCorp, Quest Diagnostics, and other healthcare providers. On Monday, Quest Diagnostics revealed nearly 12 million of its customers may have had their personal and medical information compromised due to the same security breach.
The breach occurred between Aug. 1, 2018, and March 30, 2019 when an unauthorized user had access to the AMCA's system, the SEC filing stated.
Credit card and bank account information may have been breached for customers who used those methods to pay for their accounts. Other data that could be affected includes personal information, such as first and last names, dates of birth, addresses, phone numbers, dates of service, medical provider names, and account balances, LabCorp stated to the SEC.
Diagnostic information, lab results, and details about medical tests were not given to the AMCA, LabCorp said, and that information remains protected. And AMCA told LabCorp that insurance identification information and social security numbers are not stored by the bill collector and should not be compromised.
AMCA will contacting more than 200,000 LabCorp customers regarding the breach to start and provide them with more information, LabCorp said. The agency will offer them identify protection and credit monitoring services for 24 months.
LabCorp said it is no longer sending collection requests to the AMCA and has asked the company to stop working on any pending accounts.
Quest Diagnostics announced on Monday that 11.9 million customers were affected by the security breach. The company said that personal information, such as social security numbers, and even medical information may have been accessed.