AMCA Data Breach Grows Past the 20 Million Compromised Patient Mark Drew Wilson | June 18, 2019 The blockbuster AMCA data breach this month is continuing to grow. Now, we’re learning that more than 20 million patients have been exposed. The data breach that is haunting North American’s is continuing to grow. We first heard about this breach when Quest Diagnostics saw 12 million of their patients compromised. Later on, LabCorp joined in the misery when they discovered that 7.7 million of their patients have been compromised. Now, we are learning that this particular data privacy nightmare is continuing to get worse. ACMA, the source of the breached information is continuing to deliver bad news. According to ZDNet, more labs are finding that their information is compromised in the data breach. From the report: The breach, first reported by DataBreaches.net, took place after a hacker group compromised AMCA’s IT network and stole payment information, which they later put up for sale on carding forums. Exposed data included names, home addresses, phone numbers, dates of birth, Social Security numbers, payment card details, and bank account information. After being confronted about the hack, AMCA officials admitted to the security incident, which they said lasted from August 1, 2018, to March 30, 2019, a period of eight months. Since officially confirming the breach, several of AMCA’s corporate clients (testing labs) have now also started notifying their own customers of their billing partner’s security snafu. The list of impacted testing laboratories includes Quest Diagnostics (11.9 million patients), LabCorp (7.7 million patients), BioReference Laboratories (Opko Health subsidiary, 422,600 patients), Carecentrix (500,000 patients), and Sunrise Laboratories (undisclosed number of patients). The report goes on to say that the company initially admitted to the breach, but only said that 200,000 patients were compromised. We now know that the problem is more than 100 times worse than the initial statement at this point. It’s incidents like this that makes it impossible to believe companies when they say that a breach isn’t so bad. We’ve seen it happen so many times when an initial assessment winds up only being the tip of the iceberg of the problem. A few thousand accounts end up being a few million accounts. Another example is the notorious Equifax data breach where the scope of the breach just kept getting worse and worse and worse. June has been a pretty bumpy month for breaches and leaks. This month kicked off with the First American data leak which saw 885 million records exposed. After that, Marriott’s parent company suffered a breach which saw 85.4GB of security information exposed. After the AMCA breaches saga, we saw the U.S. Customs and Border Protection data breach which saw an unknown amount of data exposed. Finally, there is the comparatively minor breach at Emuparadise which saw 1.1 million web forum accounts exposed. This latest revelation shows that June doesn’t appear to be done yet. Drew Wilson on Twitter: @icecube85 and Facebook.