Two more healthcare companies have announced that the personal information of some of their patients was compromised in a data breach at American Medical Collection Agency.
That brings the total number of healthcare providers that have disclosed their patients’ information was compromised in the breach to seven, and raises the total number of compromised records well over 22 million.
The records of more than 46,000 patients from Austin Pathology Associates and 7,000 patients from Arizona Dermatopathology were compromised, according to published reports.
The latest disclosures follow similar announcements from Clinical Pathology Laboratories, Inc., Quest Diagnostics, LabCorp, Penobscot Community Health Center, and Opko Health — which have announced that their customers and patients may have had their information stolen from the breach, which occurred when unauthorized individuals gained access to the AMCA’s web-based payments page for more than eight months. AMCA has subsequently filed for bankruptcy protection because of the costs associated with recovering from the breach. It is also facing class-action lawsuits and questions from state and federal lawmakers.
Like the other companies involved in the breach, Austin Pathology has announced it has ceased doing business with AMCA. Patients of Austin Pathology had their names, addresses, telephone numbers, dates of birth, dates of service, account balances, banking or credit card information, and provider details compromised, according to the report.
For those whose information was stolen, they become very likely targets of phishing attacks, according to a cybersecurity expert.
“With this type of stolen information, criminals can have a field day running personalized phishing campaigns,” said Stuart Reed, vice president of security firm Nominet. “For example, if they know you are a customer of Clinical Pathology Laboratories and have the dates you visited the lab and any remaining unpaid balance, that creates a perceived level of trust for victims, which can be used to run a whole range of online scams and extortion attacks.”