Friday, June 14, 2019
It Is Not Only In Australia That We Are Seeing Lots Of Health Data Breaches.
This appeared last week:
Published June 06 2019, 3:18pm EDT
A hack of healthcare data involving a medical bill collector and two major diagnostics companies is now attracting more questions from key members of Congress.
American Medical Collection Agency, an Elmsford, N.Y.-based collections firm, has now been identified by two large diagnostics companies as the victim in a large healthcare data breach. On Tuesday, Laboratory Corporation of America—widely known as LabCorp—reported that 7.7 million patients’ accounts at AMCA were stored in the vulnerable computer system. The disclosure follows a similar warning by Quest Diagnostics that 11.9 million people were exposed.
The exposed data includes names, dates of birth, addresses, financial and other personal information. LabCorp didn’t provide AMCA with any ordered test, diagnostic information or test results, the company said in a securities filing. Quest said in a statement that the hack may have included unspecified medical information, but not test results.
Three senators, including New Jersey Democrats Bob Menendez and Cory Booker, and Mark Warner, a Virginia Democrat, wrote Quest on Wednesday asking about the breach. Warner, a leading cybersecurity advocate in Congress, said in his letter to Quest that contractors like AMCA were a frequent target.
“I am concerned about your supply chain management, and your third party selection and monitoring process,” Warner said in the letter to Quest Chief Executive Officer Stephen Rusckowski. Quest and LabCorp have both said they haven’t gotten a full accounting of the breach by AMCA.
In a separate letter, Menendez and Booker demanded that Secaucus, N.J.-based Quest provide a detailed timeline of the breach and the company’s reaction to it, including what steps it has taken the company has taken to limit patient harm.
Medical records are frequent targets because they contain a rich tapestry of information that can be used for identity theft. One of the largest health-related hacks was a 2015 breach at insurer Anthem, in which records for about 80 million people were exposed. A Chinese citizen was indicted by U.S. authorities last month concerning that hack.
When the two largest laboratory testing companies leak millions of pieces of patient information it really is time to call halt and ask some really hard questions about just what is going on?
Good to see Congress is taking the issue seriously and interesting to see it is a third-party that seems to have been at fault in all this – makes one wonder about all those third parties with access to the My Health Record.
Posted by Dr David G More MB PhD at Friday, June 14, 2019