Hackers stole the personal, financial, and medical data of more than 20 million patients who had used the online payment portal of a US medical bill and debt collector. Here are some valuable lessons you can learn without having to experience a data breach.
A US medical bill and debt collector, American Medical Collection Agency (AMCA), was the target of a data breach that persisted for seven months. Hackers stole the data of more than 20 million patients who had used AMCA’s online payment portal between August 2018 and March 2019.
By examining this data breach, you can learn some valuable lessons without having to experience one firsthand.
The AMCA Fiasco
When monitoring the dark web marketplace, Gemini Advisory security analysts discovered a database for sale that contained compromised US payment cards with accompanying information such as social security numbers, birthdates, and medical information. Upon investigation, they found that the database was likely stolen from AMCA’s online payment portal.
The security analysts attempted to notify AMCA by phone on March 1, 2019, but they did not get any response to the messages they left. So, they immediately contacted a federal law enforcement agency, which contacted AMCA. AMCA officials then confirmed that they had been breached.
It wasn’t until the beginning of June that patients were notified. Soon thereafter, numerous lawsuits were filed against AMCA and two of its clients, Quest Diagnostics and LabCorp. The lawsuits were filed for two main reasons:
The victims weren’t the only ones upset about the AMCA data breach. Two US senators, the attorneys general from at least three states (Connecticut, Illinois, and Michigan), and other officials have launched investigations. The senators, for example, sent letters to Quest Diagnostics and LabCorp demanding to know about their security processes and teams, why the breach was not detected sooner, and how they manage their vendors. The senators sent a similar letter to AMCA.
On June 17, AMCA’s parent company, Retrieval-Masters Creditors Bureau Inc., filed for bankruptcy as a direct result of the data breach. The company experienced a “severe drop-off in its business”, according to bankruptcy papers. Quest Diagnostics and LabCorp were its largest customers. Like many other clients, they terminated their business relationship with AMCA once they found out about the breach. The high costs incurred because of the breach were another reason why the company filed for bankruptcy.
You can learn some valuable lessons from the AMCA data breach:
Bad News for Most Everyone Involved
Data breaches are bad news for everyone involved, except the perpetrators. Customers are at risk of getting their money or identities stolen because their personal data is up for grabs. Companies can lose their customers, reputation, and money. Due to these serious ramifications, businesses need to strengthen their security defenses as well as have incident response plans in place. We can help by assessing your company’s security measures and formulating an effective strategy to defend against data breaches.