July 30, 2019
AMCA Data Security Incident – Notice
Integrated Regional Laboratories, LLC July 30, 2019
Integrated Regional Laboratories, LLC (“IRL”) is committed to protecting the privacy and security of patient information, and as part of this commitment, we are making individuals aware of a recent incident that may have impacted their personal information.
IRL provides clinical laboratory and anatomic pathology services to hospitals, physician groups and other clients. We have utilized a company called American Medical Collection Agency (“AMCA”) to assist with patient collections services. On March 20, 2019, AMCA discovered a security incident affecting one of its servers. AMCA reported the incident to law enforcement, secured the affected server and conducted an internal investigation. AMCA’s investigation showed that as a result of the security incident, an unauthorized user accessed AMCA’s system between August 1, 2018 and March 30, 2019.
IRL received initial notification from AMCA of the suspected security incident on June 3, 2019, and on June 13, 2019, we were notified that the incident potentially affected certain IRL patients and/or individuals financially responsible for services provided to IRL patients. We immediately began an investigation into the issue, we stopped using AMCA’s services, and we ceased sending patient accounts to AMCA. In addition, IRL instructed AMCA in writing to securely destroy all IRL data from AMCA systems and servers As a result of the AMCA security incident, the following types of information pertaining to IRL patients and/or those financially responsible for their care may have been accessed: name, home address, amount owed for IRL laboratory services, date of such services, and patient account number. In a small number of instances, an individual's debit or credit card number could have been accessed. AMCA has separately provided written notice to those individuals for whom this is the case. In all cases, Social Security Numbers were not affected.
Although we do not have reason to believe that individual information has been or will be misused as a result of AMCA's security incident, we advise that individuals remain vigilant for incidents of fraud and identity theft by regularly reviewing financial account statements and explanation of benefits and monitoring free credit reports for any unauthorized activity. If affected individuals discover any suspicious or unusual activity on their accounts, they should immediately notify their financial institution(s).
Individuals wishing to find out if their information was affected by AMCA's security incident may call 1-800-522-0232, extension 505.