The parent company of healthcare debt collection firm American Medical Collection Agency (AMCA) has filed for bankruptcy protection following a major breach which is thought to have affected as many as 20 million patients.
Its Chapter 11 filing in the Southern District of New York reveals the action was taken due to a “cascade of events” and “enormous expenses that were beyond the ability of the debtor to bear.”
These were precipitated by that eight-month breach, discovered in March this year, which affected millions of patients of clients including Quest Diagnostics, LabCorp and BioReference. These were customers of the medical testing firms who owed them money.
Data stolen by the hackers included payment card details, bank account information, personally identifiable information (PII) and lab test details, according to reports.
Russell Fuchs, CEO of parent company Retrieval-Masters Creditors Bureau, lent AMCA $2.5m to help pay for a mass mailing effort of breach notifications for users which is said to have cost $3.8m. Some $400,000 was apparently spent on IT services to help with the remediation and investigation of the incident.
The news of a debt collection business being short of cash will fill few neutral observers with sadness.
However, the breach itself threatens to plunge those debtors whose details were stolen into a nightmare of phishing attempts, identity theft and possible damage to their credit ratings.
That’s probably why lawmakers have stepped in. Democrat Senators Bob Menendez, Cory Booker, and Mark Warner wrote to Quest Diagnostics asking about the incident, which affected nearly 12 million of its patients.
“While I am heartened to learn that no evidence currently suggests Quest Diagnostic’s systems were breached, I am concerned about your supply chain management, and your third-party selection and monitoring process,” said Warner in his letter.