AMCA Data Breach Exposes Millions


On May 10th, reported the American Medical Collection Agency breach, Gemini Advisory found information from 200,000 payment cards for sale on the dark web. Gemini’s investigation links the breached cards to AMCA. We still do not know how many other payment cards or PII may be for sale but we do know that the breach is one of the largest in US history.

Initially the breach was thought to have affected 11.9 million Quest patients but now LabCorp is reporting that 7.7 million of their patients may be breached as well. That is nearly 20 million patients that are affected by one data breach incident involving AMCA.

Information on how the data breach occurred is unavailable but their are only a few logical sources:

1) Insufficient password policies and security
2) Insider compromise
3) Network or database vulnerability
4) Stolen devices that retained access

Exactly how the breach occurred may not be known by AMCA but they should be able to tell us what didn’t happen. In other words the AMCA compliance and cyber security team should be able to tell us that it wasn’t from a lost or stolen device’s access or that their password policies are strictly enforced and sufficiently complex. The fact that AMCA is not issuing a statement is very concerning and can only lead one to believe that the security breach is not closed.

At DriveStrike we take data security seriously and are always available to review how we can help your team secure their data. Please feel free to reach out to our team any time with questions.

DriveStrike is the best most cost effective and easy to use data breach protection and remote wipe solution on the market. Our team is dedicated to delivering excellent service and solutions. Look for our upcoming solution that requires any device accessing patient information to be secured with remote wipe, encryption, and password protection.

Please let us know if we can help you further, you can contact our help and support team any time.

DriveStrike is available for less than $1.00 per device per month when protecting multiple devices.

About Spearstone

Spearstone, 2008 Digital IQ award recipient for IT Security, is a software development company with enterprise customers that include Wells Fargo, Pearson Learning, Logitech, Spacelabs, Sony and RemedyMD. Spearstone’s DriveStrike product provides data breach protection for computers and smartphones, including remote wipe and mobile device management.

Start Your Free 30 Day Trial

Each day brings new data security challenges, so your organization needs simple and wide-reaching solutions to combat those challenges. DriveStrike is here to help you protect your most critical data with premium quality endpoint security. Start a free trial with DriveStrike today, and contact us if you need any assistance. Our team is always ready to answer your questions.