What is the threat?
The compromise of the American Medical Collection Agency (AMCA), a third-party bill collection vendor, has potentially impacted the personal data of over 20 million patients across three laboratory services providers.
Why is this noteworthy?
Personal data of 12 million patients from Quest Diagnostics, 7.7 million patients from LabCorp, and 400,000 patients from OPKO Health has been potentially compromised. All three laboratory services providers relied on AMCA to process portions of their consumer billing. Quest Diagnostics and LabCorp are two of the largest providers of medical testing services. (If you are not sure if any of your medical professionals use either of these services, you may want to inquire to get a better idea of your potential risk level.) The AMCA system contains sensitive data, including personally identifiable information, protected health information, medical information, social security numbers, credit card numbers, and bank account information.
What is the exposure or risk?
Medical-related information is a gold mine for threat actors, who can leverage it for financial gain or use the personal and demographic information, financial statements, health details, and insurance information for identity theft, insurance fraud, or even blackmail.
What are the recommendations?
SKOUT recommends using best practices and common sense in protecting any personal information:
- Avoid interacting with anyone who contacts you via email or phone to discuss your medical information or financial information.
- Do not enter any PII on any unsecured and unencrypted website.
- All the standard practices apply in keeping your personal data safe, including securing your devices and networks, protecting your data online, protecting your identity, and protecting your credit.
- SKOUT also recommends monitoring your credit cards and bank statements to ensure there are no unusual charges.
- Check your credit reports at least once a year to make sure there are no new requests for credit cards, loans, or any other incorrect information or suspicious activity on your account. Every American can get their reports once per year for free from: https://www.ftc.gov/faq/consumer-protection/get-my-free-credit-report
References:
For more in-depth information about these incidents, please visit the following links:
https://healthitsecurity.com/news/422k-bioreference-patients-included-in-amca-breach-mi-ag-investigates
If you have any questions, please contact our Security Operations Center.