NEW YORK – Clinical Pathology Laboratories said after the close of market on Monday that it had been notified by American Medical Collection Agency about unauthorized activity on that firm's web payment page. AMCA is an external collection agency used by CPL, as well as Quest Diagnostics and Laboratory Corporation of America, which last month said that the same data breach had exposed, respectively, 11.9 million and 7.7 million of of their customers to potential harm.
According to Austin, Texas-based CPL, the breach may have exposed the names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information, and treatment provider information of roughly 34,500 patients. Another 2.2 million patients may have had their names, addresses, phone numbers, dates of birth, dates of service, balance information, and treatment provider information exposed but not their credit card or banking information. According to AMCA, patient social security numbers were not affected.
CPL said that AMCA notified the company of the incident in May of 2019 but did not provide enough information for CPL to identify affected patients or identify the specific patient information involved. CPL said its investigation is ongoing.
CPL said it is no longer using AMCA for collection services as a result of the incident.