AMCA breach threatens patient records of another lab company

Investigators are identifying more healthcare laboratories that were victimized in the data breach at the American Medical Collection Agency earlier this year.

Clinical Pathology Laboratories in Texas is among those organizations affected by the breach, and it’s now sending out notifications to its 2.2 million patients, telling them that the incident is limited to AMCA’s information systems, contending that the security of CPL systems was not affected.

Clinical Pathology Laboratory-CROP.jpg

The AMCA breach now involves the records of millions of patients. Two of the largest lab organizations with which it has contracts—LabCorp and Quest Diagnostics—combined have records at risk for at least 20 million patients.

Also See: HiTrust helps move data security initiatives forward

Compromised data at CPL includes patient names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information, and provider treatment information.

“AMCA has advised CPL that its patients’ Social Security numbers were not involved in the incident,” CPL told patients. “CPL does not provide AMCA healthcare records such as laboratory results and clinical history. The impact of this incident is limited to patients whose accounts were referred for debt collection and who reside in the United States. As a result of the investigation, CPL is no longer using AMCA for collection efforts.”

In the letter, CPL gave patients information on eight ways to protect their personal information. Additional information on the incident was not immediately available.

For reprint and licensing requests for this article, click here.