LabCorp, the medical testing company, disclosed Wednesday (June 5) that 7.7 million customers may have been impacted by the data breach that affected Quest Diagnostics customers.
In a Securities and Exchange Commission filing, LabCorp. said its billing vendor, American Medical Collection Agency (AMCA), is currently in the process of sending notices to about 200,000 LabCorp consumers whose credit card or bank account information may have been accessed in the breach. The billing vendor said the data of the 7.7 million potentially impacted customers include first and last name, date of birth, address, phone, date of service, provider and balance information.
AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA. The company said in the filing it has not provided any ordered test, laboratory results, or diagnostic information to AMCA. AMCA told LabCorp that Social Security Numbers and insurance identification information aren’t stored or maintained for LabCorp.
LabCorp went on to say in the filing that AMCA said it was investigating the incident and has taken steps to enhance the security of its systems and data. AMCA plans on providing affected LabCorp consumers with more information about the incident, and identity protection and credit monitoring services for two years. LabCorp said it ceased sending new collection requests to AMCA and stopped AMCA from continuing to work on any pending collection requests involving LabCorp consumers.
Earlier this week news broke that patient records numbering around 11.9 million were exposed in the data breach that also impacted Quest Diagnostics and UnitedHealth Group. Quest said in an SEC filing that AMCA informed Quest on May 14 that there was an eight-month breach in which a hacker had access to credit card numbers, bank accounts, Social Security numbers and medical information among other personal data. Quest also said it stopped working with AMCA in light of the breach.