"Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients' personal, medical and financial information", the company stated.
Three companies will be receiving letters demanding information about a data breach that has affected 12 million people around the country per Michigan Attorney General Dana Nessel.
We don't yet know how expansive the breach really is: AMCA also works with various entities, including health insurers.
From August 1, 2018 to March 30, 2019, an "unauthorized user" had access to various personal information taken from AMCA's system, Quest Diagnostics says in the Securities Exchange Commission document.
Among the patient information possibly compromised in the LabCorp breach are the first and last names, dates of birth, addresses, phone numbers, dates of service, providers and balance information. AMCA specializes in collecting overdue payments from people who haven't paid their medical bills, and the AMCA website says its clients include "hospitals", "physician groups" and "third-party providers" as well as clinical labs.
Quest said that AMCA notified the company about "potential unauthorized activity" on its web payment page on May 14. AMCA is notifying them and will offer them "identity protection and credit monitoring services for 24 months".
LabCorp disclosed the breach in a filing with the U.S. Securities and Exchange Commission on Tuesday, one day after Quest Diagnostics announced almost 12 million of its patients had data exposed in the same incident. In its announcement Monday, Quest said the breach may have exposed some of its patients' Social Security numbers.
LabCorp, like Quest, has suspended sending collection requests to AMCA. Quest said it has referred 11.9 million customers to AMCA.
The largest hack involving medical data occurred in 2014, when hackers infiltrated the servers of the health insurance company Anthem, compromising the personal information of 79 million people.
Quest also said it has stopped using AMCA for billing and that it was using "forensic experts" to examine the issue.