LANSING, Mich. — Three companies will be receiving letters demanding information about a data breach that has affected 12 million people around the country per Michigan Attorney General Dana Nessel.
Nessel made the announcement Wednesday saying the breach has involved at least three companies, American Medical Collection Agency (AMCA), Quest Diagnostics and Optum360.
The breach has affected 12 million of Quest's patients, whose personal information was maintained by AMCA. At this time, it does not appear that AMCA has provided any public notice of this breach.
AMCA is a New York-based company that provides medical debt collection services to health providers including Quest Diagnostics. Optum360 contracted with AMCA to provide services to Quest Diagnostics.
According to information reported publicly by Quest Diagnostics on June 3, they were notified of the breach by AMCA on May 14 and were provided with the number of impacted patients on May 31.
Quest Diagnostics said it has not yet received detailed or complete information from AMCA, including the names and addresses of affected patients.
"This data breach is yet another example of how fragile our information infrastructure is, and how vulnerable all of us are to cyber hacking," Attorney General Dana Nessel said. "And here in Michigan, we continue to rely on media reports that alert us to these terrible situations because - unlike most other states - we have no law on the books that requires that our office be notified when a breach occurs. I am determined to get information quickly and accurately to take steps to protect our residents."
Nessel's office determined that Quest Diagnostics reported to the US Securities and Exchange Commission that between Aug. 1, 2018 and March 30, 2019, an unauthorized user had access to AMCA's system, which included financial information like credit card numbers and bank account information, medical information and other personal information including social security numbers.
"This breach is particularly troubling for several reasons,” said Nessel. “First, it appears this is a deliberate hack that increases the likelihood that accessed information may be used to commit fraud.
Next, for more than seven months it appears this hacker may have had access to very personal, highly sensitive information that includes not only social security numbers, credit card and bank account numbers, but may have also included information from health care providers. Finally, Quest is only one of AMCA’s medical clients, so it is possible that patient information from other healthcare providers may have also been breached. We have no idea how far and wide this breach has gone.”
Consumers who believe they may have been affected by this breach should immediately take the following steps to protect their information:
• Find out what information was compromised and act accordingly.
• Pull your free credit report at annualcreditreport.com or by calling 877-322-8228.
• Put a fraud alert on your credit file. The Federal Trade Commission provides a checklist for this.
• Consider a security freeze on your credit file.
• Take advantage of any free services being offered as a result of the breach.
• Use two-factor authentication on your online accounts whenever it’s available.
For more information on what to do during a data breach, review the Michigan Attorney General's consumer alert on data breaches here.
Stay in touch with us anytime, anywhere.
Sign up for newsletters emailed to your inbox.
Select from these options: Breaking News, Severe Weather, School Closings, Daily Headlines and Daily Forecasts.