Recently it was reported that as a direct consequence of the American Medical Collection Agency (AMCA) hack, Quest Diagnostics (one of the largest diagnostic testing laboratory services in the United States) was breached. This resulted in the exposure of millions of patient records. NOTE: See our blog post in this regard
These records may have included Social Security numbers, payment card information, and personally identifiable medical information.
Now, a second report has surfaced, this time involving OPKO Health Inc, which maintains offices in more than thirty countries around the world. They've recently reported that one of their subsidiaries, BioReference Laboratories, Inc has received the same notification the Quest Labs received. They've been breached, and as a result, more than 400,000 Opko Health Clients have had their personal and confidential data exposed.
Granted, this breach is not nearly as large or as sweeping as the recent Quest Labs breach. Taken together, however, that leaves nearly 12 million patient records exposed. It hasn't been a good month for companies operating in the health care space, to say the least.
Part of the official statement about the breach reads
"AMCA advised that AMCA's affected system includes information provided by BioReference that may have included patient name, date of birth, address, phone, date of service, provider, and balance information. In addition, the affected AMCA system also included credit card information, bank account information (but no passwords or security questions) and email addresses that were provided by the consumer to AMCA.
AMCA has reported to BioReference that it is continuing to investigate this incident, has reported the AMCA Incident to law enforcement and has taken steps to increase the security of its systems, processes and data, including shutting down its web payments page, migrating it to a third-party vendor, and hiring a cybersecurity firm to implement various safeguards to increase security."
It's a fairly boilerplate response at this point and scant consolation to the millions of patients who have now had their information exposed. Be on the lookout for a formal communication from BioReference if you've made use of them for testing.
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting soon.
Contact me if you would like me to speak at your association.