Clinical Pathology Laboratories Inc. is the latest victim of a massive data breach that occurred at the American Medical Collection Agency, increasing the number of potentially affected patients to roughly 22 million.
Clinical Pathology Laboratories (CPL), based in Austin, Texas, notified patients of the AMCA breach and data security incident on July 12. According to the notification on the clinical laboratory’s website, AMCA notified CPL in May of the data breach but didn’t provide the organization with enough information at the time to identify potentially affected patients or the nature of patient information affected. Now, it is being reported that CPL says 2.2 million patients may have had their information stolen.
While its investigation is ongoing, CPL stated that based on information provided by AMCA, patient names, addresses, phone numbers, dates of birth, dates of service, balance information, credit card or banking information and treatment provider information could have been affected by the breach. Patient Social Security numbers were not affected, and CPL doesn’t share healthcare records such as laboratory results and clinical history with AMCA, according to the statement.
CPL’s statement indicates that the AMCA data breach is to blame for the sharing of patient data, not CPL systems. AMCA is a collections agency that works with laboratories, billing services, hospitals and medical providers across the nation.
CPL is the fourth medical testing company to come forward following the AMCA breach. Quest Diagnostics first reported that 11.9 million of its patients could have been affected, followed by Laboratory Corporation of America Holdings with 7.7 million patients and BioReference Laboratories, with 422,600 patients.
AMCA was first made aware of the breach in March, after an unauthorized user accessed AMCA’s systems through its web payments page between Aug. 1, 2018, and March 30, 2019. In the face of multiple lawsuits following the breach, AMCA has filed for Chapter 11 bankruptcy and has laid off a substantial amount of its workforce.