Further 185,000 Individuals Affected by AMCA Data Breach

Three more healthcare organizations have announced they have been affected by the data breach at American Medical Collection Agency (AMCA): West Hills Hospital & Medical Center in California, Inform Diagnostics, and CompuNet Clinical Laboratories.

The AMCA data breach was first announced more than two months ago. Most of the companies impacted by the breach were notified by AMCA in May/June that some of their patients’ data had potentially been compromised, but it has taken several weeks for those companies to be provided with sufficient information to make announcements and sent notification letters.

The breach at AMCA occurred between August 1, 2018 and March 30, 2019. During that period, an unauthorized individual had access to a web payment page, through which it was possible to obtain personal and financial information. Affected individuals had had their information passed to AMCA to collect outstanding bills for medical services.

The latest announcements bring the total number of companies known to have been affected to 21. It is not yet known how many patients of West Hills Hospital and Medical Center have been affected, but as it stands, the total victim count is at least 24,390,307. It may take several weeks before the final victim count is known and all of those individuals receive their breach notification letters.

West Hills Hospital and Medical Center

West Hills Hospital and Medical Center in West Hills, CA, uses a company called United WestLabs (UWL)to manage its reference laboratory. United WestLabs was informed by AMCA on June 12, 2019, that it had been impacted by the breach. Affected patients had their name, address, patient account number, amount owed, and service dates compromised. Some patients also had their credit or debit card number exposed.

AMCA has sent breach notification letters to all individuals whose financial information was exposed. All other affected West Hills patients are being notified by the hospital. West Hills Hospital and United WestLabs have now stopped using AMCA’s services.

Inform Diagnostics

Inform Diagnostics is an Irving, TX-based provider of pathology laboratory services. On June 30, 2019, the company was notified by AMCA’s holding company, Retrieval Masters Creditors Bureau, that personal and payment information had been accessed by a hacker. That information included first and last names, banking information, credit/debit card numbers, Social Security numbers, service dates, and names or referring physicians. 173,690 Inform Diagnostics patients are known to have been affected.

CompuNet Clinical Laboratories

Dayton, OH-based laboratory service provider CompuNet Clinical Laboratories was notified by AMCA on June 5, 2019 that the company had been affected by the breach.

The data exposed included names, dates of birth, service dates, medical service provider names, names of referring physicians, health insurance information, and other medical information. A subset of patients also had their Social Security number, credit/debit card number, and/or financial information exposed. Approximately 111,000 patients are known to have been affected.

Companies Known to Have Been Affected by the AMCA Data Breach

Healthcare Organization Records Exposed
Quest Diagnostics/Optum360 11,900,000
LabCorp 7,700,000
Clinical Pathology Associates 2,200,000
American Esoteric Laboratories 541,900
Carecentrix 500,000
Sunrise Medical Laboratories 427,000
BioReference Laboratories/Opko Health 422,600
Inform Diagnostics 173,690
CBLPath Inc. 148,900
Laboratory Medicine Consultants 147,600
CompuNet Clinical Laboratories 111,000
Austin Pathology Associates 46,500
South Texas Dermatopathology PLLC 16,100
Pathology Solutions 13,300
Penobscot Community Health Center 13,000
Seacoast Pathology, Inc 10,000
Arizona Dermatopathology 7,000
Western Pathology Consultants 4,550
Laboratory of Dermatology ADX, LLC 4,240
Natera 3,000
West Hills Hospital and Medical Center / United WestLabs Unknown
Total: 24,390,307

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.