ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/06/19/the-biggest-medical-data-breach-ever-led-amca-to-bankruptcy/
Medical services collection company American Medical Collection Agency (AMCA) has just filed for bankruptcy after data breach reported a few days ago, web applications security audits specialists report.
Reportedly, AMCA was hacked for about nine months, a fact that compromised the confidential information of AMCA’s business customers, including major industry companies such as Quest Diagnostics, LabCorp, Carcentrix, among others.
According to web applications security audits experts, at least 20 million people were affected by this incident; the report mentions that the hacker or hacker group infiltrated AMCA’s systems to extract sensitive information, including affected companies’ customer names, social security numbers and payment card details.
Information improperly extracted from the company’s systems was subsequently discovered for sale on dark web forums. Multiple class actions were filed against the company after the data breach was publicly disclosed. The plaintiffs claim that the company did not notify them in time, so they could do nothing to protect their personal information on their own.
Data protection regulators in the U.S. are investigating the incident and could impose future sanctions; moreover, Retrieval-Masters Creditors Bureau Inc. parent company of AMCA filed an application for bankruptcy protection.
According to AMCA’s statement, the company detected the security incident after a large number of credit cards began to be related to fraudulent activities.
According to web applications security audits experts, court documents mention that LabCorp ended its relationship with AMCA immediately after the data breach was reported; a few days after this, CareCentrix and Quest Diagnostics did the same. “The incident resulted in huge losses, the company could not overcome these expenses,” a court spokesman says. According to experts from the International Cyber Security Institute (IICS) the costs of cybersecurity and data protection services that the company had to absorb amount to more than $500k USD, without the costs of the legal process that the company
0 comments:
Post a Comment