Hackers Hit LabCorps Patients
Medical testing giant LabCorp announced this week that hackers may have gotten personal data on about 7.7 million of its customers.
At issue is data LabCorp transmitted to the American Medical Collection Agency, in Elmsford, N.Y., the same agency that is implicated in the just-revealed breach involving Quest Diagnostics patient data. LabCorp is based in Burlington, N.C.
According to LabCorp, the data pilfered from the agency could include its patients’ names, dates of birth, addresses, phone numbers, service dates, health care providers and payment balances.
Patients who tried to pay what they owed using the collection agency’s web-payment page are being contacted, since about 200,000 LabCorp users’ credit card or bank account information may have been stolen, LabCorp said. This smaller group of patients will be offered identity-theft protection and credit-monitoring services for two years, LabCorp officials said.
The hacking took place over eight months, from August 2018 through March, LabCorp said.
The company reported the breach Tuesday to the Securities and Exchange Commission (SEC).
The firm “takes data security very seriously, including the security of data handled by vendors,” LabCorp said in a statement to the SEC. It also said it has stopped the collections agency from handling pending cases and is not sending it new ones.
According to LabCorp, it did not give the collections agency any medical test orders, lab results or diagnostic information. And the collections agency has said it does not store LabCorp users’ Social Security numbers or their insurance identification data.
LabCorp serves hundreds of thousands of customers in the U.S., with nearly 2,000 patient service centers and more than 6,000 in-office workers to draw patients’ blood.