Medical Collections Vendor Files For Bankruptcy Protection
Thursday, June 20, 2019
Things have become complicated regarding American Medical Collection Agency (AMCA), a collections firm used by several medical testing firms. After breach announcements by Quest Diagnostics and LabCorp earlier this month, more healthcare firms announced breach notices.
So, more than 20 million persons have been affected. ZD Net reported the patient totals by healthcare firm:
"Quest Diagnostics (11.9 million patients), LabCorp (7.7 million patients), BioReference Laboratories (Opko Health subsidiary, 422,600 patients), Carecentrix (500,000 patients), and Sunrise Laboratories (undisclosed number of patients)."
Now, we learn that AMCA has filed for bankruptcy protection:
"According to the Chapter 11 declaration (.PDF), filed with the court for the Southern District of New York, AMCA first became aware of a potential security incident when a disproportionate number of credit cards that interacted with the company's web portal were linked to fraudulent transactions... Cybersecurity forensics bills of roughly $400,000, IT support costs, severe restrictions that were put in place to protect AMCA's network from further intrusion, looming court cases, and the loss of valuable business partners have all taken their toll."
A "Chapter 11" bankruptcy means a reorganization, compared to a total liquidation under "Chapter 7." So, AMCA executives expect their company to survive.
ZD Net also reported that AMCA has paid more than:
"... $3.8 million to inform over seven million people who have potentially been impacted via mail. This figure alone is more than the company had to hand, forcing AMCA to take out a loan from the CEO and founder, Russell Fuchs, just to meet this expense. By filing for bankruptcy protection, the business will continue on as usual as AMCA seeks to pay off its creditors."
The costs highlight the consequences when companies fail to protect consumers' sensitive personal and payment data. The bankruptcy filing begs the next question: continue operating how effectively? Reportedly, AMCA has already cut its workforce from 155 to 25 employees. Usually under bankruptcy protection, a court decides which creditors get paid and whether they are paid in full -- including employees.
This scenario makes one wonder if AMCA can afford the ongoing expenses and resources necessary to harden its computer systems against intrusions, pay its employees, fully support data breach victims, and pay any post-breach fines. If AMCA can't pay its employees, it is probably already dead.
State Attorneys General from Connecticut and Illinois have opened investigations:
"Connecticut Attorney General William Tong and Illinois Attorney General Kwame Raoul announced [on June 7] they have opened an investigation into the data breach at American Medical Collection Agency... The attorneys general sent letters this week to American Medical Collection Agency, Quest Diagnostics, and LabCorp seeking the total number of U.S., Connecticut and Illinois residents affected by the breach, a breakdown of categories of personal information compromised, and information as to how the companies intend to inform and protect affected residents. The attorneys general are also seeking the facts and circumstances surrounding the breach, measures the companies had in place to protect patient data privacy, and plans to prevent the recurrence of a future breach..."
Posted by: George | Friday, June 28, 2019 at 04:03 PM