American Medical Collection Agency, Inc. (AMCA) and Laboratory Corporation of America Holdings (better known as LabCorp) find themselves facing a proposed class action following a months-long data breach that reportedly compromised the private information of about 200,000 patients.
LabCorp announced in a June SEC filing that AMCA, which collects payments on the medical testing company’s behalf, detected unauthorized activity on its payment webpage, the lawsuit says. Among the information that may have been stolen in the security breach was patients’ names, birth dates, Social Security numbers, medical information, and credit card and bank account information, LabCorp said in the filing. According to the complaint, the defendants negligently allowed hackers to access patients’ personal data from August 2018 through March 2019, when a cybersecurity firm reported that it had traced stolen data back to AMCA’s web portal. The suit argues that though the companies should have known about the breach by March 2019, they took no steps to notify potentially affected patients until the following June, and only did so by announcing the incident in the aforementioned SEC filing.
The lawsuit seeks to represent three proposed classes: a nationwide class of consumers whose sensitive information was compromised in the breach, plus two subclasses of New York and Florida residents.