Victims of AMCA’s breach allege AMCA not helpful enough in incident response
The other day, I wondered aloud whether there was anything the American Medical Collection Agency (Retrieval Masters) could have done after they were hacked to keep their big clients like Quest Diagnostics and LabCorp.
An interesting report by Marianne Kolbasuk McGee on BankInfoSecurity suggests that there might have been. McGee reports that newly submitted court filings by Quest in response to AMCA’s bankruptcy filing complain about AMCA’s alleged lack of “cooperation and transparency” in the wake of the breach and the debt collector’s bankruptcy filing. According to Quest, their contractor, Optum:
… has, among other things, sought access to [AMCA’s] systems to independently assess the environment, access which [AMCA] has not fully granted; attempted to work with [AMCA] directly to recover the data; and sought to obtain assurances from the AMCA that the data will be maintained securely on an ongoing basis,” Quest writes in its court filing. “Unfortunately, Optum has informed Quest that the response from [AMCA’s] current management has been inadequate.”
Read more on BankInfoSecurity.
So was there still a window where AMCA could have been more responsive and kept its clients and business? There might have been.