The American Medical Collection Agency (AMCA) has filed for bankruptcy after being unable to bear the costs of a massive data breach that compromised personal and financial information of nearly 20 million patients.
The breach of sensitive personal and financial information of millions of US citizens took place when hackers gained unauthorised access to the web payments page owned by AMCA between August 1, 2018 and March 30, 2019. AMCA collected payments on behalf of leading diagnostics firms in the US such as Quest Diagnostics, LabCorp, BioReference, Conduent, and CareCentrix.
A data breach that went on undetected for eight long months
Information compromised as a result of the unauthorised intrusion included first and last names, dates of birth, social security numbers, addresses, phone numbers, dates of service, providers, balance information, as well as credit card and bank account information of millions of people in the United States.
Leading US diagnostics firms Quest Diagnostics and LabCorp revealed in separate filings with the SEC that the unauthorised intrusion that lasted eight long months compromised personal and financial information of 11.9 million and 7.7 million of their patients respectively.
OPKO Health Inc., another major diagnostics firm operating in the United States, also revealed in a filing with the SEC that the AMCA data breach impacted personal and financial information of as many as 422,600 patients for whom BioReference, it's subsidiary, performed medical testing and diagnosis.
AMCA informed OPKO Health that out of the 422,600 patients, 6,600 patients may have suffered the loss of their credit card or bank account information that was stored in AMCA’s affected system. These patients will be offered identity protection and credit monitoring services for 24 months for free.
AMCA files for bankruptcy
On Monday, in a Chapter 11 filing with the New York Southern Bankruptcy Court, AMCA applied for bankruptcy protection, stating that it was unable to bear the financial costs of the massive breach of customer records that took place between August 1, 2018 and March 30, 2019.
Russell Fuchs, CEO of Retrieval-Masters Creditors Bureau, the parent company of AMCA, stated in the Chapter 11 filing that AMCA had incurred "enormous expenses that were beyond the ability of the debtor to bear" and that the company had spent up to $400,000 on hiring outside experts to investigate the breach and an additional $3.8 million on sending over 7 million individual notices to people affected by the breach.
As a result, AMCA intended to liquidate up to $10 million worth of assets and liabilities to pay for its breach-mitigation activities. This, even after CEO Fuchs lent $2.5 million to AMCA to help the firm with bearing the costs of individual mailings, says Bloomberg.
Bloomberg added that the debt recoveries firm learned about the data breach when it started receiving notices about a large number of credit cards tied to its web portal being used for fraudulent activities and that the company reduced its employee headcount drastically from 113 to just 25 by the end of 2018.