More than 2M Clinical Pathology patients potentially affected by data breach

Clinical Pathology Laboratories said about 2.2 million patients’ personal information may have been compromised following a data breach at billings collections firm American Medical Collection Agency (AMCA) — the same one that affected LabCorp and Quest Diagnostics patients.

Continue Reading Below

The lab testing company said patients’ names, addresses, phone numbers, dates of birth, dates of service, balance and treatment provider information may have been impacted in the AMCA data breach, which the firm discovered in March.

About 34,500 patients were notified that their credit card and banking information may have been compromised.

“CPL takes the security of its patients' information very seriously, including the security of data handled by vendors. As a result of the investigation, CPL is no longer using AMCA for collection efforts,” the company said in a news release.

AMCA, which CPL and other labs use to process payments, notified the lab about the data breach in May after an investigation was conducted. CPL said it did not immediately notify its patients about the incident because there was not enough information provided on the impact.

“AMCA has advised CPL that its patient's social security numbers were not involved in the incident. CPL does not provide AMCA healthcare records such as laboratory results and clinical history,” the lab said in a news release.

The billings collections firm filed for bankruptcy after LabCorp and Quest Diagnostics announced millions of patients’ personal information may have been compromised due to a data breach at the company.

Quest Diagnostics said about 11.9 million patients’ information, including Social Security numbers and credit card information, may have been potentially affected by the AMCA breach. A day later, LabCorp notified its customers that 7.7 million people may have been compromised.


LabCorp said it did not provide AMCA with patients’ lab results and Social Security numbers and insurance information was not stored in the firm’s system.