South Texas Dermatopathology Notifies 15,982 Patients About AMCA Data Breach
South Texas Dermatopathology is the last known victim of the data breach at American Medical Collection Agency (AMCA) to report the breach to the Department of Health and Human Services Office for Civil Rights (OCR) and notify affected patients. The breach appeared on the OCR breach portal on October 7, 2019 and indicates 15,982 patients have been affected.
AMCA was a business associate of the San Antonio, TX-based medical testing laboratory and provided billings and collection services. South Texas Dermatopathology was informed about the security breach at AMCA in May 2019 and was told that some of its patients’ information was potentially compromised as a result of the hacking of AMCA systems.
An unauthorized individual first gained access to AMCA systems on August 1, 2018. Access remained possible up to March 30, 2019 when the breach was detected and its systems were secured. During that time, the unauthorized individual had access to parts of AMCA systems that contained information such as names, addresses, phone numbers, dates of birth, balance information, dates of service, credit card or banking information and treatment provider information.
After learning about the breach, South Texas Dermatopathology stopped sending patient data to AMCA and terminated its business relationship with the firm. Another vendor is now provided billings and collection services. All patients affected by the breach have now been notified.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
HIPAA Journal has been tracking the AMCA breach reports and South Texas Dermatopathology is the last known victim to report the incident to OCR. In total, 24 laboratories and healthcare facilities have had patient data exposed as a result of the AMCA breach, which has now been confirmed to have involved the protected health information of 26,059,725 individuals.
The full list of healthcare organizations affected by the AMCA breach is listed below. The number of patients affected has been taken from the HHS’ Office for Civil Rights’ breach portal.
| Healthcare Organization | Confirmed Victim Count |
| Quest Diagnostics/Optum360 | 11,500,000 |
| LabCorp | 10,251,784 |
| Clinical Pathology Associates | 1,733,836 |
| Carecentrix | 467,621 |
| BioReference Laboratories/Opko Health | 425,749 |
| American Esoteric Laboratories | 409,789 |
| Sunrise Medical Laboratories | 401,901 |
| Inform Diagnostics | 173,617 |
| CBLPath Inc. | 141,956 |
| Laboratory Medicine Consultants | 140,590 |
| Wisconsin Diagnostic Laboratories | 114,985 |
| CompuNet Clinical Laboratories | 111,555 |
| Austin Pathology Associates | 43,676 |
| Mount Sinai Hospital | 33,730 |
| Integrated Regional Laboratories | 29,644 |
| South Texas Dermatopathology LLC | 15,982 |
| Penobscot Community Health Center | 13,299 |
| Pathology Solutions | 13,270 |
| West Hills Hospital and Medical Center / United WestLabs | 10,650 |
| Seacoast Pathology, Inc | 8,992 |
| Arizona Dermatopathology | 5,903 |
| Laboratory of Dermatology ADX, LLC | 4,082 |
| Western Pathology Consultants | 4,079 |
| Natera | 3,035 |
| Total Records Breached | 26,059,725 |
