Quest Diagnostics, Optum 360, LabCorp Data Breach Lawsuit

FAQ

Lab Patient Data Breach Lawsuit

A data breach may have allowed hackers to access private personal and financial information of millions of lab patients between August 1, 2018, and March 30, 2019. The data breach occurred at American Medical Collection Agency but may have affected up to 20 million people had overdue laboratory service bills with Quest Diagnostics, Optum 360, LabCorp and others. Many of these patients may be participating in a Class Action Lawsuit.

Labs with patients who may be affected by data breach include:

• Quest Diagnostics Incorporated
• Quest Diagnostics Clinical Laboratories, Inc.
• Optum 360 LLC
• Optum 360 Services, Inc.
• Laboratory Corporation of America Holdings (LabCorp)
• American Esoteric Laboratories
• Arizona Dermatopathology
• Aurora Diagnostics LLC
• Austin Pathology Associates
• BioReference Laboratories Inc./Opko Health
• CareCentrix, Inc.
• CBLPath
• Clinical Pathology Laboratories, Inc.
• CompuNet Clinical Laboratories
• Inform Diagnostics, Inc.
• Laboratory of Dermatopathology ADX, LLC
• Laboratory Medicine Consultants, Ltd.
• Natera
• Penobscot Community Health Center
• Seacoast Pathology, Inc.
• Sonic Healthcare USA
• South Texas Dermatopathology Lab, PLLC
• Sunrise Medical Laboratories
• Western Pathology Consultants, Ltd.

Patients whose laboratory accounts were not past-due and were not in collections with AMCA are not affected by the laboratory patient data breach.

What was exposed?

Up to 20 million lab patients whose bills for laboratory services were past due and being processed by AMCA, may have been exposed to identity theft, fraud and placed at financial risk. Many of these people have already received letters and may be considering lawsuits to compensate them for financial risks that have occurred.

Information that may have been obtained by hackers includes:

• Name, Address
• Birth dates
• Social security numbers
• Financial information (credit cards and bank account)
• Medical information
• Other personal information

The data breach occurred at American Medical Collection Agency (AMCA) and not at Quest Diagnostics, Optum, LabCorp or other locations. The data breach involved information of people whose laboratory service accounts were in arrears or past due. Many patients whose data was exposed have already received letters from AMCA or their laboratory service company.

People who had laboratory services provided by one of the named labs but were not in arrears, were not placed at risk.

AMCA Data Breach Claims

AMCA along with their clients, Quest, Optum, and other labs, had the duty to keep patient information safe and secure but failed in that duty and may have placed millions of patients’ data at risk.

The Quest Diagnostics, Optum 360 data breach lawsuits claim that the company failed to properly safeguard consumers’ information which allowed hackers to access its systems for eight months. If the companies had properly safeguarded accounting and computer systems, the breach would not have occurred and if systems had been properly monitored, the breach would have been discovered much sooner.

The data breach lawsuits claim specifically that AMCA and lab companies including Quest Diagnostics, Optum 360, LabCorp and others failed to:

• Construct and maintain appropriate data security systems to prevent intrusion, data breach and cyberattack
• Adequately monitor data security systems for intrusion, data breach and cyber attack
• Ensure that contractors or vendors used appropriate security measures to prevent breaches
• Ensure that confidentiality, privacy, and integrity of electronic protected health information that was created, maintained and distributed among vendors remained safe, private and secure

AMCA Settlement with State Governments

In March of 2021, AMCA and backing company Retrieval-Masters Creditors Bureau reached an agreement with officials in 41 states and Washington DC. The multistate agreement involved attorneys general from states including New Jersey, New York, Ohio, Michigan, Washington DC, Florida, and others and could lead to a $21 million fine.

The AMCA data breach was the largest information exposure during the time period of August 2018 to March 2019 and may have exposed 21 million people including nearly 12 million patients from Quest Diagnostics alone.

The agreement with the multistate coalition will reportedly require implementation of data security practices to help ensure security of client data. This may include implementation of an incident response plan, appointment of a data security officer and other procedures which will help provide safeguards for the size and scope of data controlled by the collection agency.

Data Breach Lawsuit Compensation

Patients whose accounts for laboratory services were in collection may have been exposed to financial losses due to identity theft, fraud or other financial issues and may have been required to spend time or costly resources to recover losses. If successful, data breach lawsuits may help provide compensation for those losses.

Data breach class actions generally seek to recover costs including:

• Compensation for losses suffered caused by identity theft and fraud
• Reimbursement of credit monitoring fees, reporting fees and costs of credit freezes
• Financial compensation for lost personal or work time spent responding to problems caused by the breach
• Free credit monitoring
• Free identity theft insurance

In some cases, class action lawsuits also require companies to make improvements in their systems to prevent future breach or data failure.

People who received a letter notifying them that their data may have been compromised or those who had a past due Quest Diagnostics, Optum 360, LabCorp or other laboratory service account in collection with AMCA between August 2018 and March 2019 may be eligible for compensation through a Data Breach Lawsuit.