Wisconsin Diagnostic Laboratories Alerts 114,000 Customers Of Data Breach

Wisconsin Diagnostic Laboratories has started to notify 114,985 patients that some of their protected health information (PHI) was compromised in the American Medical Collection Agency’s (AMCA) breach from earlier this year. Data affected includes names, dates of birth, dates of service, names of lab or medical service providers, referring physicians’ names, balance owed and “other” medical information. Also, a few individuals may have had their financial information exposed.  AMCA has already filed for Chapter 11 protection after it was reported that the breach affected Quest Diagnostics, LabCorp and BioReference.


EXPERTS COMMENTS
Anurag Kahol, CTO ,  Bitglass
August 29, 2019
To effectively protect data, companies must have visibility, control, and an accurate inventory of all of their data.
Healthcare organizations remain a top target for hackers, as exemplified by the American Medical Collection Agency’s (AMCA) data breach. In fact, there were reportedly 363 breaches affecting healthcare organizations in 2018 that compromised over 9.9 million records; an approximately 86.7% increase in exposed records from healthcare organizations compared to 2017. Wisconsin Diagnostic Laboratories is now among 22 known healthcare organizations to be affected by the billing agency’s breach – bringing the total number of patients impacted to 25 million. Data breaches that remain undetected for an extended period highlight the inadequacy of the reactive security solutions that many organizations rely upon today. To effectively protect data, companies must have visibility, control, and an accurate inventory of all of their data. In other words, organizations need to adopt flexible security platforms that proactively detect and respond to new threats as they arise, enforce real-time access control, encrypt sensitive data at rest, control the external sharing of data, and prevent the leakage of PHI (protected health information). In this way, they can prevent malicious parties from infiltrating their IT systems and exfiltrating sensitive customer information.
Jonathan Bensen, CISO,  Balbix
August 29, 2019
With the impending enactment of the California Consumer Privacy Act (CCPA) in January 2020.
Wisconsin Diagnostic Laboratories joins Quest Diagnostics, LabCorp, Clinical Pathology Associates and other healthcare organizations to be affected by the American Medical Collection Agency’s (AMCA) data breach from earlier this year. Healthcare organizations that collect, store and manage patients’ protected health information (PHI) have an obligation to ensure the integrity of that data and it is imperative that organizations control who can access this data. Unfortunately, Wisconsin Diagnostic Laboratories is learning this lesson the hard way. With the impending enactment of the California Consumer Privacy Act (CCPA) in January 2020, it will not be surprising if a class action lawsuit is filed against the AMCA for any exposure of California citizens’ PHI, as well as any of the affected healthcare providers that shared this information with the billing agency. Even though the AMCA has already filed for Chapter 11 protection, it is still possible that legal action may be taken against them through bankruptcy court. As more companies continue to suffer breaches of consumer data due to partner negligence, it is imperative that security solutions that scan and monitor organization-owned and managed assets as well as third-party systems across hundreds of attack vectors are implemented. By leveraging security tools that employ AI and ML to observe and analyze entire networks in real-time and derive insights in order to prioritize which vulnerabilities need to be remediated first, companies will be able to avoid fines from data privacy laws, litigations, the cost of reparations from breaches and more.
Chris DeRamus , Co-founder & CTO,  DivvyCloud
August 29, 2019
We have already seen companies fined by the FTC for failing to maintain the integrity of their customers’ data.
Wisconsin Diagnostic Laboratories joins a growing list of healthcare providers to be affected by the American Medical Collection Agency’s (AMCA) breach that was discovered earlier this year. Protected Health Information (PHI) is a tempting target for cybercriminals as it has a much longer shelf life compared to credit card information, and it can be used to commit multiple types of fraud or identity theft. Covered entities that provide treatment, payment and healthcare operations must comply with HIPAA. AMCA’s failure to comply has led to approximately 25 million records being exposed from more than 20 providers, and the billing agency has already filed for Chapter 11 protections due to their inability to cover the costs of reparations for this incident. We have already seen companies fined by the FTC for failing to maintain the integrity of their customers’ data, and the looming enactment of the CCPA will only make this task much more imperative for companies across all industries. In order to maintain compliance and secure customer data, organizations need to implement a platform that performs automated, real-time remediation to thwart policy violations and other threats, including misconfigurations and IAM challenges. By doing so, companies will still have the freedom to innovate using public cloud services without sacrificing security, allowing organizations the ability to maintain a competitive edge.
Ben Goodman, Senior Vice President, Global Business and Corporate Development,  ForgeRock
August 29, 2019
Hospitals and healthcare providers are prime targets for threat actors as patients’ protected health information (PHI).
According to research from the Identity Theft and Resource Center, the healthcare industry was victimized by 363 total breaches in 2018, and as a result, nearly 10 million total records were exposed. Hospitals and healthcare providers are prime targets for threat actors as patients’ protected health information (PHI) can easily be sold on the dark web and used to commit fraud, access medical care in the victims’ name, and used in highly targeted phishing attacks. PHI also has a much longer shelf life compared to other types of data, like credit cards which can be easily cancelled and rendered useless. Wisconsin Diagnostic Laboratories joins the ranks of Massachusetts General Hospital, Eye Care Associates, Bayview Dental and Managed Health Services (MHS) of Indiana, as the number of healthcare providers compromised by malicious actors in 2019 continues to grow. It is crucial for healthcare providers to leverage security strategies and tools that prescribe real-time, contextual and continuous security that detects unusual behavior and prompts further action, such as identity verification, to thwart malicious actors that seek unauthorized access to PHI.

Join the Conversation

Join the Conversation


In this article