The recent hack of the American Medical Collection Agency (AMCA) is having ripple effects around the world.
Recently it was reported that as a direct consequence of that hack, Quest Diagnostics (one of the largest diagnostic testing laboratory services in the United States) was breached. This resulted in the exposure of millions of patient records.
These records may have included Social Security numbers, payment card information, and personally identifiable medical information.
Now, a second report has surfaced, this time involving OPKO Health Inc, which maintains offices in more than thirty countries around the world. They've recently reported that one of their subsidiaries, BioReference laboratories, Inc has received the same notification the Quest Labs received. They've been breached, and as a result, more than 400,000 Opko Health Clients have had their personal and confidential data exposed.
Granted, this breach is not nearly as large or as sweeping as the recent Quest Labs breach. Taken together however, that leaves nearly 12 million patient records exposed. It hasn't been a good month for companies operating in the health care space, to say the least.
Part of the official statement released by AMCA reads as follows:
"AMCA advised that AMCA's affected system includes information provided by BioReference that may have included patient name, date of birth, address, phone, date of service, provider, and balance information. In addition, the affected AMCA system also included credit card information, bank account information (but no passwords or security questions) and email addresses that were provided by the consumer to AMCA.
AMCA has reported to BioReference that it is continuing to investigate this incident, has reported the AMCA Incident to law enforcement and has taken steps to increase the security of its systems, processes and data, including shutting down its web payments page, migrating it to a third-party vendor, and hiring a cybersecurity firm to implement various safeguards to increase security."
It's a fairly boilerplate response at this point, and scant consolation to the millions of patients who have now had their information exposed. Be on the lookout for a formal communication from BioReference if you've made use of them for testing.