LabCorp, American Medical Collection Agency Slammed with Class Action in Wake of Data Breach [UPDATE]

New to ClassAction.org? Read our Newswire Disclaimer

American Medical Collection Agency, Inc. (AMCA) and Laboratory Corporation of America Holdings (better known as LabCorp) find themselves facing a proposed class action following a months-long data breach that reportedly compromised the private information of about 200,000 patients.

LabCorp announced in a June SEC filing that AMCA, which collects payments on the medical testing company’s behalf, detected unauthorized activity on its payment webpage, the lawsuit says. Among the information that may have been stolen in the security breach was patients’ names, birth dates, Social Security numbers, medical information, and credit card and bank account information, LabCorp said in the filing. According to the complaint, the defendants negligently allowed hackers to access patients’ personal data from August 2018 through March 2019, when a cybersecurity firm reported that it had traced stolen data back to AMCA’s web portal. The suit argues that though the companies should have known about the breach by March 2019, they took no steps to notify potentially affected patients until the following June, and only did so by announcing the incident in the aforementioned SEC filing.

The suit charges that LabCorp failed to uphold its privacy policy’s promise that patient data would not be accessed by anyone other than authorized employees and third-party billing operations vendors. Moreover, the companies violated their duty under the Health Insurance Portability and Accountability Act (HIPAA) to protect patients’ medical information, the case claims.

The lawsuit seeks to represent three proposed classes: a nationwide class of consumers whose sensitive information was compromised in the breach, plus two subclasses of New York and Florida residents.