Print Friendly and PDF
Watch out for scams related to your next stimulus payment
Injuries related to some consumer products increase substantially during pandemic despite drop in number of all emergency room visit

American Medical Collection Agency agrees to settle multistate investigation into 2019 data breach

Amca-logo-American Medical Collection Agency 2-860x520-7American Medical Collection Agency or AMCA has agreed to resolve a multistate investigation into a 2019 data breach that exposed the personal information of more than 7 million people, and possibly exposing the personal information of up to 21 million throughout the United States.

AMCA specialized in small-balance medical debt collection mainly for laboratories and medical testing facilities.

An unauthorized user gained access to AMCA’s internal system from August 1, 2018, through March 30, 2019.

AMCA failed to detect the intrusion, despite warnings from banks that processed its payments, said Nevada Attorney General Aaron D. Ford. The unauthorized user was able to collect personal information, including Social Security numbers, payment card information, and, in some cases, names of medical tests and diagnostic codes.

“Debt collectors, particularly those with consumers’ health information, have a duty to uphold the promise to keep consumers’ data safe from unauthorized access,” said Ford.

On June 3, 2019, AMCA began providing breach notices to more than 7 million affected people, which included an offer of two years of free credit monitoring. On June 17, 2019, as a result of the costs associated with providing notification and remedies for the breach, AMCA filed for bankruptcy.

The multistate coalition participated in the bankruptcy proceedings through the attorneys general of Indiana and Texas.

AMCA received permission from the bankruptcy court to settle with the multistate group, and on December 9, 2020, filed for dismissal of the bankruptcy.

As part of the settlement, AMCA may be liable for a suspended $21 million total payment to the states. Because of AMCA’s financial condition, the payment is suspended unless the company violates terms of the settlement agreement.

Under the the settlement, AMCA and its officials have agreed to carryout security practices to strengthen its information security program and safeguard the personal information of consumers.

In addition to Nevada, among the other states participating in the investigation are: Connecticut, Colorado, Hawaii, Idaho, Illinois, Indiana, Iowa, Maine, Maryland, Massachusetts, Michigan, Minnesota, Nebraska, New Hampshire, New York, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Vermont, Washington, and West Virginia.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Your Information

(Name and email address are required. Email address will not be displayed with the comment.)