South Texas Dermatopathology Notifies 15,982 Patients About AMCA Data Breach

South Texas Dermatopathology is the last known victim of the data breach at American Medical Collection Agency (AMCA) to report the breach to the Department of Health and Human Services Office for Civil Rights (OCR) and notify affected patients. The breach appeared on the OCR breach portal on October 7, 2019 and indicates 15,982 patients have been affected.

AMCA was a business associate of the San Antonio, TX-based medical testing laboratory and provided billings and collection services. South Texas Dermatopathology was informed about the security breach at AMCA in May 2019 and was told that some of its patients’ information was potentially compromised as a result of the hacking of AMCA systems.

An unauthorized individual first gained access to AMCA systems on August 1, 2018. Access remained possible up to March 30, 2019 when the breach was detected and its systems were secured. During that time, the unauthorized individual had access to parts of AMCA systems that contained information such as names, addresses, phone numbers, dates of birth, balance information, dates of service, credit card or banking information and treatment provider information.

After learning about the breach, South Texas Dermatopathology stopped sending patient data to AMCA and terminated its business relationship with the firm. Another vendor is now provided billings and collection services.  All patients affected by the breach have now been notified.

HIPAA Journal has been tracking the AMCA breach reports and South Texas Dermatopathology is the last known victim to report the incident to OCR. In total, 24 laboratories and healthcare facilities have had patient data exposed as a result of the AMCA breach, which has now been confirmed to have involved the protected health information of 26,059,725 individuals.

The full list of healthcare organizations affected by the AMCA breach is listed below. The number of patients affected has been taken from the HHS’ Office for Civil Rights’ breach portal.

Healthcare Organization Confirmed Victim Count
Quest Diagnostics/Optum360 11,500,000
LabCorp 10,251,784
Clinical Pathology Associates 1,733,836
Carecentrix 467,621
BioReference Laboratories/Opko Health 425,749
American Esoteric Laboratories 409,789
Sunrise Medical Laboratories 401,901
Inform Diagnostics 173,617
CBLPath Inc. 141,956
Laboratory Medicine Consultants 140,590
Wisconsin Diagnostic Laboratories 114,985
CompuNet Clinical Laboratories 111,555
Austin Pathology Associates 43,676
Mount Sinai Hospital 33,730
Integrated Regional Laboratories 29,644
South Texas Dermatopathology LLC 15,982
Penobscot Community Health Center 13,299
Pathology Solutions 13,270
West Hills Hospital and Medical Center / United WestLabs 10,650
Seacoast Pathology, Inc 8,992
Arizona Dermatopathology 5,903
Laboratory of Dermatology ADX, LLC 4,082
Western Pathology Consultants 4,079
Natera 3,035
Total Records Breached 26,059,725


Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.