In an SEC filing, LabCorp disclosed that its vendor American Medical Collection Agency had a data breach that provided an unauthorized user access to AMCA's system between August 1, 2018 and March 30, 2019.
Two major diagnostics companies, Quest Diagnostics and LabCorp, were also impacted by the data breach.
Earlier this week it was announced that 11.9 million customers of diagnostic services giant Quest Diagnostics Incorporated were affected by the breach. According to Inmediata, the exposed data included patients' name, addresses, social security numbers, and other personal health information.
Also, a recent research report revealed that health care organizations suffered the highest number of data breaches in 2018 across any sector of the USA economy. Optum360 and Quest are inspecting the condition with forensic experts, Quest said. AMCA offers billing services for Optum360, a Quest contractor.More news: Blues' Sundqvist suspended for Game 3 of Stanley Cup Final
More news: Marcia Cross is ‘feeling back to normal’ after anal cancer
More news: Bharat Box Office Day 3 Collection (Friday Business Report)
Warner said he wanted more information about the company's vendor selection and due diligence process, sub-supplier monitoring, vendor evaluation policies and what it plans to do about its other vendors.
According to its website, AMCA is the "leading recovery agency for patient collection" and it is "managing over $1BN in annual receivables for a diverse client base", servicing "laboratories, hospitals, physician groups, billing services, and medical providers all across the country. Moreover, such breaches force victims to contend with identity theft that may lead to irreparable harm to their credit reports and financial futures, and to confront the real possibility that their confidential medical information and history has been exposed", Menendez and Booker wrote.
Mr. Booker and Mr. Menendez sent a similar letter Wednesday to Stephen Rusckowski, Quest's chairman and president, as did Sen. The AMCA also told Quest and Optum that it has been in contact with law enforcement about the incident.
Quest said that AMCA notified the company about "potential unauthorized activity" on its web payment page on May 14.