Labcorp Agrees to $35M Settlement to Resolve AMCA Data Breach Litigation
A $35,000,000 settlement has been agreed to resolve a long-running class action lawsuit against Labcorp over a 2018 cybersecurity incident at American Medical Collection Agency. Laboratory Corporation of America Holdings (Labcorp), a provider of diagnostic testing services, had contracted with a company called Retrieval-Masters Creditor’s Bureau, Inc., which does business as American Medical Collection Agency (AMCA), to collect outstanding payments for Labcorp’s services.
On May 14, 2019, AMCA notified Labcorp about a cybersecurity incident that resulted in unauthorized access to Labcorp patients’ protected health information. Hackers had access to AMCA’s systems between August 2018 and March 2019, and potentially viewed or obtained some of their protected health information. The data breach affected multiple AMCA clients and resulted in the exposure of the protected health information of more than 25 million individuals, including the data of 10,251,784 Labcorp patients.
Multiple class action lawsuits were filed in response to the data breach, which were consolidated into a single action – In Re: American Medical Collection Agency, Inc. Customer Data Security Breach Litigation – In the U.S. District Court for the District of New Jersey. The lawsuit asserted several claims, including negligence and breach of contract, all of which were denied by Labcorp, which maintains that there was no wrongdoing and that any alleged injury or damage was not caused by the security incident or any act or omission by Labcorp.
After six years of hard-fought litigation, all parties agreed to a settlement, in recognition that the outcome and final result through a trial and related appeals would involve substantial additional risk and uncertainty, discovery, and extensive time and expense. The $35,000,000 settlement resolves the Labcorp track of the litigation, with the settlement class consisting of all individuals whose information was transmitted by Labcorp to AMCA and was contained in AMCA’s systems at the time of the data breach. The settlement fund will be used to pay attorneys’ fees and expenses, notice and administration costs, and service awards for the 21 class representatives. The remainder of the settlement fund will be used to pay claims for reimbursement of losses, claims for alternative cash payments, and the cost of medical and healthcare information monitoring services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
All class members are eligible to claim a two-year membership to the CyEx Medical Shield Pro medical and healthcare information monitoring service. A claim may also be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. Class members not wishing to submit such a claim may instead claim an alternative cash payment. The cash payments are estimated to be $50 per class member, but may be increased or decreased depending on the number of claims filed.
Individuals who do nothing will lose the opportunity to sue Labcorp over the data breach in the future. Benefits will only be paid to individuals who submit a claim. The deadline for objection to the settlement and exclusion is July 27, 2026. The deadline for submitting a claim is September 3, 2026, and the final fairness hearing has been scheduled for September 3, 2026. Further information can be found on the settlement website: https://www.amcadatabreachsettlement83395.com/
