The company said it has referred millions of customers to AMCA for billing collections, and 7.7 million customers had their data stored in the hacked system.
AMCA’s system stored customers’ first and last names, credit card and bank account numbers, birth dates, addresses, phone numbers, dates of service, health care provider information, and the amount customers owed. LabCorp said it did not provide AMCA with information about tests, lab results, or diagnostic information. AMCA said it did not store Social Security numbers.
LabCorp said it will no longer do business with AMCA. The billing collections company said it continues to investigate the breach and has taken down its web payments page.
“We remain committed to our system’s security, data privacy, and the protection of personal information,” the company said.
Quest also said it has stopped using AMCA for billing and that it was using “forensic experts” to examine the issue.
Both LabCorp and Quest said AMCA has not yet provided detailed information about the incident, including which customers might have been affected.
“LabCorp takes data security very seriously, including the security of data handled by vendors,” the company said Tuesday.
Quest said Monday it remains “committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.”