Data Breach Lawsuit Affects Quest, LabCorp, Other Labs' Patients in Collections

Last Updated on April 8, 2020

Investigation Complete

Attorneys working with ClassAction.org have finished their investigation into this matter.

Check back for any potential updates. The information on this page is for reference only.

Free Consumer Tools:

View List of Lawsuits

→

Comments |

Case Update

April 8, 2020 – Investigation Closed, Lawsuits Continue: Thanks to everyone who helped contribute to this investigation. Multiple class action lawsuits have been filed and continue to make their way through the court system. Any significant updates will be posted to this page. Check out our open list of investigations or sign up for our newsletter for the latest news and information. The information below was posted when this investigation began and exists for reference only.
February 13, 2020 – Cases Consolidated: The lawsuits involving the data breach at American Medical Collection Agency have been consolidated to a single court before a single judge. To learn more about what this means, read our page on multidistrict litigation.

At A Glance

This Alert Affects:: Anyone who received a letter from Quest Diagnostics, LabCorp, or one of the smaller labs in the list below stating that your information was compromised as part of a data breach at American Medical Collection Agency, which does business as Retrieval Masters Creditors Bureau. This alert is geared toward individuals who are interested in serving as a plaintiff in a class action on behalf of the millions of affected individuals.
What’s Going On?: Attorneys working with ClassAction.org would like to talk to people who meet the description outlined above as part of their investigation into the data breach. Several class action lawsuits have already been filed, but they would like to speak to additional individuals who may be able to serve as plaintiffs and help strengthen the litigation. In general, the litigation becomes stronger as more individuals are added as plaintiffs to represent the class.
How Can a Class Action Help: A lawsuit could help consumers receive compensation for the loss of their data and/or be reimbursed for identity theft losses or costs spent for credit reports, credit monitoring, and other expenses related to the breach. The companies could also be required to make certain changes to their data security practices to ensure patients’ information is properly protected.
What’s the Catch?: There is none! It doesn’t cost anything to get in touch and the only people we will ever send your information to are the attorneys we work with.

Class action lawsuits have been filed against American Medical Collection Agency, Inc. (AMCA), Quest Diagnostics, LabCorp and several smaller labs concerning a data breach that took place between August 1, 2018 and March 30, 2019 that allowed hackers to access the private information of millions of patients.

As part of an ongoing investigation into the breach, attorneys working with ClassAction.org would like to speak to anyone who meets the following qualifications and is interested in serving as a plaintiff to pursue litigation on behalf of the class:

You received a letter from Quest, LabCorp or one of the smaller labs listed below stating that your information was compromised as part of a data breach at AMCA; or
You received a data breach letter from AMCA and, in addition, you have copies of collections notices or other documentation linking your involvement in the AMCA data breach to a particular lab. (Note: AMCA's notices do not specify which lab the person was affiliated with for purposes of the breach. Quest, LabCorp and certain other labs have sent their own letters to some or all of their patients who were affected by the breach. It is important that the attorneys know which lab you were affiliated with.)

Whom Did the Data Breach Affect?

It has been reported that the data breach affected over 20 million people. The breach occurred at American Medical Collection Agency – and not at Quest, LabCorp or the other labs themselves – and therefore only affected individuals whose past-due bills at those labs were sent to AMCA for collections.

Patients who simply visited Quest Diagnostics, LabCorp or one of the other labs for testing and who were not in debt collection are not affected by the breach.

The full list of labs affected by the breach can be seen below.

Quest Diagnostics

LabCorp

American Esoteric Laboratories

BioReference (a subsidiary of OPKO Health)

CareCentrix

CBLPath

Clinical Pathology Laboratories

CompuNet Clinical Laboratories

Inform Diagnostics

Laboratory Medicine Consultants

Sunrise Medical/Sunrise Laboratories

Wisconsin Diagnostic Laboratories

West Hills Hospital and Medical Center (United West Labs)

What Happened Exactly?

It has been reported that between August 1, 2018 and March 30, 2019, a hacker had access to an AMCA system that contained personal information received from Quest Diagnostics, LabCorp and other smaller labs. Optum 360, a contractor of Quest, also reportedly used AMCA for collections.

Information from Quest patients compromised in the data breach includes:

Social Security numbers;
Financial information (e.g., credit card numbers and bank account information);
Medical information; and
Additional personal information.

Information from LabCorp patients compromised in the data breach includes certain personal information and, for a more limited number of patients, credit card or bank account information. It may also include Social Security numbers for a small subset of patients.

Information from other labs' patients is generally similar to these data types.

What Do the Lawsuits Say About the Data Breach?

The lawsuits claim that AMCA’s failure to properly safeguard consumers’ information allowed hackers to access its systems for eight months. Had the company properly safeguarded and monitored it systems, the breach would not have occurred or AMCA would have discovered the breach much sooner, according to the suits.

Quest, LabCorp, the other labs and AMCA had a duty to keep patients’ information confidential, yet failed to take the steps needed to do so. Specifically, the suits claim the defendants neglected their responsibilities to consumers when they failed to:

Maintain proper data security systems to prevent data breaches and cyberattacks
Properly monitor data security systems for possible intrusions
Make sure that vendors took reasonable security measures to prevent breaches
Implement procedures to prevent, detect, contain, and correct data security violations
Ensure the confidentiality and integrity of electronic protected health information that was created, maintained and distributed among vendors
Implement procedures to regularly review information system activity, such as access reports, audit logs and security incident tracking reports
Train employees on the policies needed to keep protected health information safe and secure

How Can a Class Action Lawsuit Help?

In general, data breach class actions seek to recover:

Reimbursement of losses suffered due to identity theft and fraud
Reimbursement of credit monitoring fees, credit report fees and credit freezes
Money for lost time spent responding to the breach
Free credit monitoring
Free identity theft insurance

A class action lawsuit could also require the companies at fault to make substantial improvements to their data security systems to ensure such a breach does not occur again in the future.

Before commenting, please review our comment policy.

Featured In:

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Case Resources

Carbonneau v. American Medical Collection Agency, et al.: Read a lawsuit filed in New Jersey against AMCA and Quest over the data breach.

About Us

ClassAction.org is a group of online professionals (designers, programmers and writers) with years of experience in the legal industry.

We work closely with class action and mass tort attorneys across the country and help with investigations into corporate wrongdoing.