Yet another healthcare organization – Wisconsin Diagnostic Laboratories – has announced that it has been impacted by the American Medical Collection Agency (AMCA) data breach. The AMCA data breach has affected several healthcare organizations, with more organizations coming forward than was previously expected.
Wisconsin Diagnostic Laboratories (WDL), a 13-site network of lab facilities in eastern Wisconsin, performs over 5 million tests annually, from simple to complex.Â
WDL is now notifying approximately 150,000 patients about the AMCA data breach, as it is required to do under the HIPAA Breach Notification Rule.
In June of 2019, AMCA informed WDL that between August 1, 2018, and March 30, 2019, an unauthorized individual may have had access to AMCA’s system. This hacker gained access to a web portal payment page on August 1, 2018. The data breach was detected on March 30, 2019, and unauthorized access was then terminated.Â
Some of WDL patients’ protected health information (PHI) was contained in AMCA’s systems, including patient names, dates of birth, dates of medical services, names of lab or medical service providers, and names of referring doctors. Additional PHI contained in AMCA’s systems included data related to payment for healthcare in the form of balances owed to WDL. In some instances patient credit card and bank account information was found in AMCA’s systems.
AMCA informed WDL that the incident did not affect WDL’s computer systems, nor did it affect all WDL patients, but, rather, only certain patients who were subject to billing collections with AMCA. Only those patients who had outstanding bills that had already been passed to AMCA for collection were affected by the data breach.Â
WDL began mailing letters to affected patients on August 2, 2019, and has advised patients that if they believe they are affected and have not received a letter by September 5, 2019, they should call the number provided by WDL in the patient notification.
WDL has notified its patients that it has ceased doing business with AMCA, and that it is taking steps to retrieve and secure all WDL information contained in AMCA’s systems. WDL is now the 23rd healthcare provider to confirm that it has been impacted by the data breach, which has affected approximately 25 million individuals.
As is shown by the AMCA data breach, HIPAA data breaches can be costly and negatively affect your organization’s reputation. Making sure your organization has proper safeguards in place to protect PHI can ensure you are compliant with the HIPAA Security Rule, and in the process can save your organization from hefty fines, lawsuits, and bad publicity.Â
To address HIPAA cybersecurity requirements, Compliancy Group works with IT and MSP security partners from across the country. You can contract with these partners so that they can properly handle your HIPAA cybersecurity protection needs.