The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Further 185,000 Individuals Affected by AMCA Data Breach

Posted By on Aug 8, 2019

Three more healthcare organizations have announced they have been affected by the data breach at American Medical Collection Agency (AMCA): West Hills Hospital & Medical Center in California, Inform Diagnostics, and CompuNet Clinical Laboratories.

The AMCA data breach was first announced more than two months ago. Most of the companies impacted by the breach were notified by AMCA in May/June that some of their patients’ data had potentially been compromised, but it has taken several weeks for those companies to be provided with sufficient information to make announcements and sent notification letters.

The breach at AMCA occurred between August 1, 2018 and March 30, 2019. During that period, an unauthorized individual had access to a web payment page, through which it was possible to obtain personal and financial information. Affected individuals had had their information passed to AMCA to collect outstanding bills for medical services.

The latest announcements bring the total number of companies known to have been affected to 21. It is not yet known how many patients of West Hills Hospital and Medical Center have been affected, but as it stands, the total victim count is at least 24,390,307. It may take several weeks before the final victim count is known and all of those individuals receive their breach notification letters.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

West Hills Hospital and Medical Center

West Hills Hospital and Medical Center in West Hills, CA, uses a company called United WestLabs (UWL)to manage its reference laboratory. United WestLabs was informed by AMCA on June 12, 2019, that it had been impacted by the breach. Affected patients had their name, address, patient account number, amount owed, and service dates compromised. Some patients also had their credit or debit card number exposed.

AMCA has sent breach notification letters to all individuals whose financial information was exposed. All other affected West Hills patients are being notified by the hospital. West Hills Hospital and United WestLabs have now stopped using AMCA’s services.

Inform Diagnostics

Inform Diagnostics is an Irving, TX-based provider of pathology laboratory services. On June 30, 2019, the company was notified by AMCA’s holding company, Retrieval Masters Creditors Bureau, that personal and payment information had been accessed by a hacker. That information included first and last names, banking information, credit/debit card numbers, Social Security numbers, service dates, and names or referring physicians. 173,690 Inform Diagnostics patients are known to have been affected.

CompuNet Clinical Laboratories

Dayton, OH-based laboratory service provider CompuNet Clinical Laboratories was notified by AMCA on June 5, 2019 that the company had been affected by the breach.

The data exposed included names, dates of birth, service dates, medical service provider names, names of referring physicians, health insurance information, and other medical information. A subset of patients also had their Social Security number, credit/debit card number, and/or financial information exposed. Approximately 111,000 patients are known to have been affected.

Companies Known to Have Been Affected by the AMCA Data Breach

Healthcare Organization Records Exposed
Quest Diagnostics/Optum360 11,900,000
LabCorp 7,700,000
Clinical Pathology Associates 2,200,000
American Esoteric Laboratories 541,900
Carecentrix 500,000
Sunrise Medical Laboratories 427,000
BioReference Laboratories/Opko Health 422,600
Inform Diagnostics 173,690
CBLPath Inc. 148,900
Laboratory Medicine Consultants 147,600
CompuNet Clinical Laboratories 111,000
Austin Pathology Associates 46,500
South Texas Dermatopathology PLLC 16,100
Pathology Solutions 13,300
Penobscot Community Health Center 13,000
Seacoast Pathology, Inc 10,000
Arizona Dermatopathology 7,000
Western Pathology Consultants 4,550
Laboratory of Dermatology ADX, LLC 4,240
Natera 3,000
West Hills Hospital and Medical Center / United WestLabs Unknown
Total: 24,390,307

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist