NEW YORK (360Dx) – Laboratory Corporation of America said after the close of the market on Tuesday that 7.7 million of its customers may have had their financial and/or personal information improperly accessed following a data breach.
In a regulatory document, the company said that it had been notified by American Medical Collection Agency about unauthorized activity on that firm's web payment page. AMCA is an external collection agency used by LabCorp, as well as Quest Diagnostics, which said on Monday that the same data breach had exposed 11.9 million of its customers to potential harm.
The breach occurred between Aug. 1, 2018 and March 30, 2019. Information that may have been compromised by the breach include patients' credit card or bank account information, which was provided to AMCA by LabCorp. Burlington, North Carolina-based LabCorp said it did not provide ordered test, lab results, or diagnostic information to AMCA. The collection agency told LabCorp that social security numbers and insurance identification information are not stored or maintained for the lab's customers.
AMCA is in the process of sending notices to about 200,000 LabCorp consumers whose credit card or bank account information may have been accessed as a result of the breach, LabCorp said in its document filed with the US Securities and Exchange Commission, adding AMCA will offer the 200,000 LabCorp patients identity and credit monitoring services for 24 months.
AMCA is continuing to investigate the incident "and has taken steps to increase the security of its systems, processes, and data," LabCorp said. It has stopped sending new collection requests to AMCA and stopped the collection agency from continuing work on pending collection requests involving LabCorp customers.