Laboratory Corp. of America Holdings, a medical lab that operates under the LabCorp name, said it was the victim of a massive data breach involving the same collection agency that was involved in the recent breach involving rival, Quest Diagnostics, according to a regulatory filing.
LabCorp, in a filing with the Securities and Exchange Commission, said that up to 7.7 million LabCorp customers had their data stored in the American Medical Collection Agency system. That agency informed LabCorp about unauthorized activity on the company’s web page between Aug. 1, 2018 and March 30, 2019.
The compromised data may include names, addresses, phone numbers, dates of service, provider names and balance information. In certain cases credit card numbers or checking account information may have also been exposed, according to the filing. Medical results were not revealed. The filing said that social security numbers and insurance information is not stored in the system.
LabCorp said it takes the incident seriously, has suspended any work with AMCA and is continuing to investigate the matter. A list of the impacted 200,000 consumers has not yet been provided by AMCA.
AMCA informed LabCorp that more than 200,000 customers, whose credit card or bank account numbers were possibly exposed are being notified. AMCA plans to offer 24 months of identity protection and credit monitoring services.