And so it begins… state attorneys general investigating American Medical Collection Agency breach
From the Illinois Attorney General’s Office:
Chicago — Attorney General Kwame Raoul and Connecticut Attorney General William Tong today announced an investigation into the data breach at American Medical Collection Agency, which may have exposed the personal information of nearly 12 million patients of Quest Diagnostics (Quest) and 7.7 million Laboratory Corporation of America (LabCorp) patients.
Raoul and Tong issued letters this week to American Medical Collection Agency, Quest, and LabCorp requesting additional information about the recently reported data breach that compromised the health and financial data of potentially millions of patients. The breach was reportedly the result of malicious activity on the payment page of American Medical Collection Agency’s website. The company is a third-party collection vendor for the two medical testing companies.
“The last thing patients should have to worry about is whether their personal information has been compromised by the entities responsible for protecting it,” Raoul said. “I am committed to ensuring that impacted patients receive timely notification and that the companies involved take precautions to protect consumers’ sensitive health and financial information in the future.”
“Sensitive personal information of millions of patients may have been compromised, and I am deeply concerned about the adequacy of the plans in place to notify and protect all affected individuals. It is important to determine the cause of this serious data breach and what steps these companies are taking to ensure this does not happen again,” Tong said.
In the letters, Raoul and Tong are requesting each company provide the total number of residents in Illinois, Connecticut and nationwide affected by the breach; a breakdown of the categories of personal information compromised; and information describing how the companies intend to inform and protect impacted residents. Raoul and Tong are also seeking the facts and circumstances surrounding the breach, measures the companies had in place to protect patient data privacy, and plans to prevent a future breach.
Patients who may have been impacted by the breach should receive notification from one of the companies involved, as well as information detailing additional steps they should take.
Raoul encourages patients concerned that their personal information has been compromised to consider requesting a free security freeze from the three credit reporting agencies – Equifax, Experian, and TransUnion – in writing, over the phone or online. A security freeze can help prevent identity theft because most businesses will not open credit accounts without first checking a consumer’s credit history. Once a consumer freezes their credit files, even someone who has the consumer’s name and Social Security number will likely not be able to obtain credit in the consumer’s name. Credit bureaus cannot charge fees to place, lift, or temporarily lift a credit freeze. Additionally, Raoul recommends consumers monitor their credit regularly by requesting one free credit report annually from each of the credit reporting agencies.
And of course, some members of Congress have already sent inquiries to AMCA and the covered entities.