AMCA Declares Chapter 11 Bankruptcy After Data Breach Related Lawsuit Drew Wilson | June 20, 2019 Drama is ratcheting up yet again for AMCA. Now, after a data breach and subsequent class action lawsuit, the company is declaring bankruptcy. The fast moving story revolving around AMCA is continuing at breakneck speed. As hard as it is to believe, the story only started earlier this month when we saw Quest diagnostics hit with a data breach. In all, 12 million patients were compromised. That story was quickly followed up by LabCorp admitting that they had 7.7 million patients exposed in the same breach. The source of the break was traced back to AMCA. Just a few days ago, we reported how other labs were having their patients exposed in the same breach as well. In all, so far, more than 20 million patients were exposed. Then, just yesterday, we reported on how AMCA and Quest diagnostics were hit with a class action lawsuit. Now, there is another twist to the story. After all that has happened, AMCA is now declaring Chapter 11 bankruptcy. According to Health IT Security, the paperwork was filed in New York: Filed in the Southern District of New York, the petition explained that AMCA is seeking to liquidate its assets and liabilities worth up to $10 million due to a “cascade of events.” After the breach, Retrieval-Masters Creditors Bureau CEO Russell Fuchs wrote in the court filing that the company has incurred “enormous expenses that were beyond the ability of the debtor to bear.” The company has spent $3.8 million to mail over 7 million individual notices to individual breach victims. Fuchs even lent AMCA $2.5 million to pay for those mailings, according to the filing. Another $400,000 was spent on IT professionals and consultants hired to assist with the breach response. In March, AMCA discovered the hack, and the investigation revealed the breach occurred from August 1, 2018 to March 30, 2019—when it was discovered. The billing services vendor began notifying the impacted clients on May 31, beginning with Quest Diagnostics. From an investigative standpoint, it wouldn’t be unheard of if a company found itself in trouble and quickly declared Chapter 11 for the purpose of simply making all the problems go away. After all, it is peculiar that a company that might be once raking in millions in contracts suddenly declaring bankruptcy over the course of a mere couple of weeks. BankInfoSecurity is detailing the events in a rather thorough manner. Here’s their report: The company first learned that there might be a problem when it received a series of Common Point of Purchase notices that suggested that a disproportionate number of credit cards that at some point had interacted with AMCA’s web portal were later associated with fraudulent charges, the court documents say. In response, AMCA shut down its web portal to prevent any further compromises of customer data and engaged outside consultants who confirmed that AMCA’s servers had been hacked as early as August, 2018, Fuchs says in the filing. “This knowledge led to … a cascade of events that ultimately has resulted in the [company’s] need to seek relief under Chapter 11,” he states. As a result of the data breach, the company suffered “a severe drop-off in its business,” he says in the filing. “Almost immediately upon learning of the breach, LabCorp unqualifiedly and indefinitely terminated its relationship with the [company]. Soon after, Quest Diagnostics, Conduent Inc., and CareCentrix Inc., which together with LabCorp were [RMCB’s] four largest clients, stopped sending new work to [RMCB], and all terminated or substantially curtailed their business relationships with the [company].” In a statement provided to Information Security Media Group, Hartford, Conn.-based CareCentrix confirmed it has terminated its contract with AMCA. A lot of this is what AMCA suggests is a cascade of events. There is, of course, the class action lawsuit. There is a series of inevitable government investigations. All this and who knows what else is in store for the company. Of course, for all the labs that had AMCA as the company of choice to handle financial information, this development can’t be the worlds greatest news for them. If their trust in third parties to handle financial information hasn’t been shaken, that would be impressive. After all, AMCA isn’t the only one named in class action lawsuits at this point. Now, they are left to handle the fallout of all of this because many have a business to run once this is all over. One thing is for sure, this whole situation has become an extremely messy one. It wouldn’t be a surprise if it takes years to sort out all of this. Drew Wilson on Twitter: @icecube85 and Facebook.