Data breach at collection firm exposes details of 7.7 million


A third-party billing collections firm has suffered a data breach that has exposed sensitive data belonging to 7.7 million customers of healthcare diagnostics company, LabCorp.

The healthcare giant divulged on Tuesday of this week that the data breach may have exposed details including patient names, payment card details, medical provider details and further healthcare data.

LabCorp revealed that it recently received notification of a data breach that hit the American Medical Collection Agency (AMCA) between August 1st 2018 and March 2019. The news breaks in the same week as Quest Diagnostics confessed to a data breach at the AMCA which exposed 11.9 million patients’ sensitive details.

In its filing, LabCorp said:

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance).

“LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The AMCA is currently reaching out to around 200,000 LabCorp customers who may have had their financial details accessed, LabCorp said, adding that they are yet to receive a full list of customers that may have been impacted by the data breach.

LabCorp has stated that new collection requests to AMCA have now been stopped, and that AMCA work pending on requests linked to LabCorp customers have been suspended.

Regulators and enforcement agencies have spoken out against the IT vulnerabilities of the health care industry for many years, as the sphere has a demonstrable history of attacks from cyber criminals.

In 2015, the Anthem hack saw the exposure of 78.8 million individuals’ data, including names, social security numbers, phone numbers, email addresses, wage details and dates of birth.

LabCorp is yet to issue a formal response to the SEC filing, while AMCA are also yet to comment.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.