The medical billing services provider, American Medical Collection Agency (AMCA), had its web payment page breached which released personal information on almost 12 million patients of Quest Diagnostics. An unauthorized user was able to gain access to the site and remained in the site from August 22nd, 2018 through March 30th, 2019. AMCA notified Quest Diagnostics of the breach on May 14th, 2019 and Quest immediately suspended sending collection requests to AMCA. Quest also notified federal authorities and started to work with third-party contractors to assess the impact and scope of the incident. The information that was potentially stolen includes medical information, Social Security numbers, banking details, and credit card numbers of patients. AMCA states that they are performing an internal review to find out how the breach took place. They have also taken down the web payment page and began using a third-party to handle payments.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased