AMCA Breach Also Affected Penobscot Community Health Center Patients

Another healthcare provider confirmed that it was affected by the American Medical Collection Agency (AMCA) security breach. An unauthorized access of AMCA’s systems resulted to a breach of the protected health information (PHI) of its clients. The breach began on August 1, 2018 and the attacker had continued access until March 30, 2019.

Penobscot Community Health Center (PCHC) is a nonprofit health center established in Bangor, ME. It hired AMCA’s billing collection services. Then on May 15, 2019, PCHC received notification from AMCA that the PHI of its 13,000 patients were potentially compromised.

AMCA was given limited access to the PHI of its clients’ patients in order to perform its billing collection services. Only the PHI of patients with debt due for collection was passed on to AMCA. Hence all the breached information in this incident were just the minimum required data of patients.

The unauthorized persons accessed AMCA’s systems for 8 months and might have viewed or duplicated the patients’ information including their names, referring medical provider names, birth dates, and other medical information connected with PCHC services. Some patients’ credit card details may probably been exposed, too.

PCHC terminated its business dealings with AMCA. Right now, PCHC is attempting to retrieve and safeguard all the patient data managed by the company.

PCHC is now affirmed to have been affected by the AMCA breach alongside BioReference Laboratories, Quest Diagnostics and LabCorp, as well as the more than 20 million persons whose PHI were compromised. Other healthcare organizations may have been affected by the data breach. .

AMCA’s parent company has filed for bankruptcy so that it can liquidate its assets to cover the very expensive breach response.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at