15,982 Patients of South Texas Dermatopathology Notified About the AMCA Data Breach

by

South Texas Dermatopathology is the last identified casualty of the American Medical Collection Agency (AMCA) data breach. It has reported the data breach to the Department of Health and Human Services Office for Civil Rights (OCR) and informed the affected patients. The OCR breach portal has published information about the breach on October 7, 2019 indicating 15,982 patients were impacted.

AMCA was a business associate of South Texas Dermatopathology, a medical testing laboratory based in San Antonio, TX and provided the company with billings and collection services. In May 2019, South Texas Dermatopathology knew about the breach at AMCA and was informed about the potential compromise of some of its patients’ data because of the AMCA systems hacking.

An unauthorized person first accessed the AMCA systems on August 1, 2018. The person could have accessed the systems up to March 30, 2019 when AMCA detected the breach and secured its systems. During that time period, the unauthorized person got access to areas of AMCA systems that held information like names, addresses, telephone numbers, birth dates, balance data, dates of service, banking or credit card data and treatment provider details.

After knowing about the data breach, South Texas Dermatopathology discontinued giving patient information to AMCA. It ended its business connection with the company and hired another vendor for its billings and collection services. South Texas Dermatopathology has notified all patients impacted by the breach.

The AMCA breach had affected a total of 24 laboratories and healthcare companies resulting in the exposure of patient data. South Texas Dermatopathology is the last breach victim to report a breach to OCR. It was confirmed that the protected health information (PHI) of 26,059,725 people were affected.

The list below shows the different healthcare organizations impacted by the AMCA. including the number of patients impacted as reported on the HHS’ Office for Civil Rights’ breach portal.

1. Quest Diagnostics/Optum360 – 11,500,000 Confirmed Victim Count
2. LabCorp- 10,251,784 Confirmed Victim Count
3. Clinical Pathology Associates – 1,733,836 Confirmed Victim Count
4. Carecentrix – 467,621 Confirmed Victim Count
5. BioReference Laboratories/Opko Health – 425,749 Confirmed Victim Count
6. American Esoteric Laboratories – 409,789 Confirmed Victim Count
7. Sunrise Medical Laboratories – 401,901 Confirmed Victim Count
8. Inform Diagnostics – 173,617 Confirmed Victim Count
9. CBLPath Inc. – 141,956 Confirmed Victim Count
10. Laboratory Medicine Consultants – 140,590 Confirmed Victim Count
11. Wisconsin Diagnostic Laboratories – 114,985 Confirmed Victim Count
12. CompuNet Clinical Laboratories – 111,555 Confirmed Victim Count
13. Austin Pathology Associates- 43,676 Confirmed Victim Count
14. Mount Sinai Hospital – 33,730 Confirmed Victim Count
15. Integrated Regional Laboratories – 29,644 Confirmed Victim Count
16. South Texas Dermatopathology LLC – 15,982 Confirmed Victim Count
17. Penobscot Community Health Center – 13,299 Confirmed Victim Count
18. Pathology Solutions – 13,270 Confirmed Victim Count
19. West Hills Hospital and Medical Center / United WestLabs – 10,650 Confirmed Victim Count
20. Seacoast Pathology, Inc – 8,992 Confirmed Victim Count
21. Arizona Dermatopathology – 5,903 Confirmed Victim Count
22. Laboratory of Dermatology ADX, LLC – 4,082 Confirmed Victim Count
23. Western Pathology Consultants – 4,079 Confirmed Victim Count
24. Natera – 3,035 Confirmed Victim Count
Total Number of Records Breached – 26,059,725

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]