American Medical Collection Agency Files for Chapter 11 After Health Data Breach

Retrieval-Masters Creditors Bureau, the parent company of the American Medical Collection Agency, filed for Chapter 11 protection after an eight-month long system hack breached the personal, financial, and health data of up to 20 million Quest Diagnostics, LabCorp, and BioReference patients, according to Bloomberg.

Filed in the Southern District of New York, the petition explained that AMCA is seeking to liquidate its assets and liabilities worth up to $10 million due to a “cascade of events.”

After the breach, Retrieval-Masters Creditors Bureau CEO Russell Fuchs wrote in the court filing that the company has incurred “enormous expenses that were beyond the ability of the debtor to bear.” The company has spent $3.8 million to mail over 7 million individual notices to individual breach victims.

According to:

Another Healthcare Data Breach: What Can You Learn from IT?

By: Keith Barthold

All three companies in a recent, massive healthcare data breach—with a combined at-risk population of more than 20 million consumers—used American Medical Collection Agency (AMCA) as their third-party billing collections service provider, whose online payment pages are responsible for the massive data breach that exposed consumers’ financial, medical, and personal information.

Just when you hadn’t heard of a monster data/security compromise in months, you find out you’re just as vulnerable as ever and cyberthreats are even more sophisticated and aggressive.

The Good News

AMCA seems to have taken some responsible and significant steps to combat these breaches. They contacted the appropriate law enforcement agencies, suspended collection requests, and sent notices to several hundred thousand potentially affected consumers.

Furthermore, an AMCA spokesman confirmed  that, upon receiving information from a security compliance firm about the possible security compromise, “AMCA conducted an internal review and hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security.”

According to the disclosure statement sent to the SEC, the compromised information could include name, birth date, address, date of service, phone number, balance information, and payment information, but the system at risk does not store social security numbers or insurance identification data. It’s not as bad as it could have been.

The Not-So-Good News

AMCA should be commended for their post-breach remediation activity but there are some clear signposts of lack of security readiness by AMCA. In this instance, the criminals that breached AMCA were undetected for eight months until they identified the issue and started working on a solution. It seems that if they had used a comprehensive strategic security platform including breach detection 24/7/365 monitoring, the proper detection would have occurred much sooner.

These incidents are wake-up calls for collection companies who are using digital engagement mechanisms to interact with and collect payments from consumers. While some companies are looking to cut costs in these areas, it can lead to disasters. And those companies using third-party services for their billing and collections need to make sure that they are as safe, secure, and as highly monitored as possible.

In addition to all the reputational damage these companies are undergoing, multiple class action lawsuits have been field against Quest Diagnostics and LabCorp since they disclosed personal and medical customer information. On June 3, 11 class action suits were filed against Quest from multiple states. Since then, eight more were filed in federal courts.


The Best News

Whatever industry you’re in, you’ve got to know the risks. Healthcare, in particular, is especially susceptible to data breaches because of the amount and sensitivity of personal and financial data. It also tends to focus less on cybersecurity.

You have to develop the right game plan. Organizations need the technological infrastructure, the appropriate policies and procedures, and the commitment to the collective execution that it takes to be cyber secure in the world today. Companies that stay safe are the one that planned to stay safe and followed through with their plan.

You can win the cybersecurity battle. You just have to be alert, equipped, and consistent. Anything less and you’re facing a remediation and reputation nightmare like what’s facing AMCA, Quest, LabCorp, and many others.


Published with permission from DKBinnovative

FCC Votes to Allow Aggressive Robocall Blocking

The Federal Communications Commission voted 6-6-19 to allow phone carriers to start to take more aggressive steps to block suspected spam and scam calls and to make enrollment in their robocall-blocking services automatic, not something you have to opt in to.

Notably, the new FCC rule does not require the carriers to automatically enroll customers in robocall blocking—it merely allows them to do so, something they couldn’t before for legal liability reasons. A second part of the rule proposes protections from lawsuits for phone companies that mistakenly block a call that should have been allowed to go through.

Nor does the new rule specifically say that the services should be offered for free, although the FCC says it expects they will be.

These changes come at a moment when millions of Americans, feeling under seige from nonstop robocalls, have fundamentally changed the way they use their phones in the first place. A recent Consumer Reports survey found that 70 percent of respondents say they won’t answer a call if they don’t recognize the number that appears on their caller ID screen.

In fact, robocalls are the number one complaint to the Federal Trade Commission, one of the agencies that along with the FCC is in charge of regulating the telecom industry. In May there were 4.7 billion robocalls made—43 percent of them scam calls, according to YouMail, a robocall-blocking and tracking technology firm.

More Changes Ahead

The FCC rule also makes other consumer protections available and clarifies expectations regarding even tougher robocall-blocking technology.

For example, consumers will now be able to tell their carrier to block any calls that aren’t contained in their phone’s contact list. Known as whitelisting, this is considered a kind of nuclear option because it  could result in missing important calls, not just spam or scam ones.


Copyright 2018 Eventr. All rights reserved