Cybersecurity remains a pressing issue for healthcare organizations in the United States—with a host of organizations admitting that they suffered in the data breach of the American Medical Collection Agency (AMCA).
The data revealed in the attacks varied from company to company, but attackers gaining access to some patients’ names, addresses, phone numbers, and even payment and sensitive healthcare information.
And a quick Google search reveals that most of these companies used the same template in their statements, merely changing information specific to their attack: Western Pathology Consultants, Laboratory Medicine Consultants, and CBLPath, Inc. all admitting to breaches, just to name a few.
Many of the companies listed in the breach are deciding, in the wake of the attack, to terminate their relationships with the AMCA. Austin Pathology Associates, for example, estimates about 47,000 patient records were compromised, and has decided to continue their investigation after cutting off business ties to the AMCA. A majority of the breach victims have followed suit.
In the wake of the breach and the subsequent loss of business, the AMCA has filed for Chapter 11 bankruptcy. Describing their current financial difficulty due to a “cascade of events”, the company is seeking to liquidate $10 million in assets and liabilities. As Jessica Davis of Health IT Security writes, “after the breach, Retrieval-Masters Creditors Bureau CEO Russell Fuchs wrote in the court filing that the company has incurred ‘enormous expenses that were beyond the ability of the debtor to bear.’ The company has spent $3.8 million to mail over 7 million individual notices to individual breach victims.”
A diagnostic of the attack reveals that the systems were vulnerable for eight months. More than 20 million patient records were accessed during this time.
The individual companies embroiled in this cyberattack have been hit with a litany of lawsuits and are currently under various state investigations.