A pair of medical lab companies, Quest Diagnostics and LabCorp, announced this week that they have been victims of a data breach. Both companies suffered from an attack directed at a third-party collection agency, American Medical Collection Agency (AMCA).
Nearly 20 million patients’ information were exposed in the breach, which happened between August of 2018 and March 30 of this year. The information that was vulnerable included patient names, dates of birth, addresses, phone numbers, social security numbers, dates of service, providers and balance information.
LabCorp has also indicated that 200,000 of their customers had credit card or bank information on file with AMCA, and that information may have been accessed as well. LabCorp will reach out to these customers directly, and AMCA plans to offer those consumers identity protection and credit monitoring services for two years.
It is unclear if Quest customers had any payment information compromised.
BBB Serving Western Virginia offers the following tips for those possibly affected:
- When attempting to visit any web sites set up by AMCA, Quest, or Labcorp regarding the breach, make sure to go to the site directly. Do not click on a link from an email or social media message to get there. Use the same strategy if you receive a call indicating it is representing these businesses. Do not hesitate to hang up and call back on a number you can verify. Scammers are likely to use the information acquired in this breach to attempt to get even more information via fraudulent emails or calls.
- If a credit card has been compromised, you will likely hear from the bank or card issuer first. If you have questions, call the customer service number on your card.
- Consider putting a credit freeze or fraud alert on your credit reports with the three major credit reporting agencies (go.bbb.org/creditfreeze). A credit freeze will prevent anyone from accessing your credit report or scores. This means you cannot apply for new credit without lifting the freeze. A fraud alert flags your account but does not automatically halt new credit being opened in your name.
- Use AnnualCreditReport.com to check your credit report. Be wary of ads, emails, and social media messages for other services. Everyone should check their credit reports annually, whether or not they have been the victim of a data breach.
- Be proactive with your credit cards:
- Monitor your statements carefully (go online; don’t wait for the paper statement).
- If you see a fraudulent charge, report it to your bank or credit card issuer immediately so the charge can be reversed and a new card issued.
- Keep receipts in case you need to prove which charges you authorized and which ones you did not.
- If your debit card or bank account has been breached:
- Do all of the above as for credit cards, but pay very careful attention to your account. Debit cards do not always have the same protections as credit cards and debit transactions withdraw funds directly from your bank account.
- Contact your bank for more information, or if you want to preemptively request a new debit card or put a security block on your account.
