Laboratory Corporation of America Holdings (Labcorp) has agreed to a $35,000,000 settlement to resolve a class action lawsuit related to a 2018 cybersecurity incident involving American Medical Collection Agency (AMCA).
Labcorp, a provider of diagnostic testing services, contracted with Retrieval-Masters Creditor’s Bureau, Inc., which does business as American Medical Collection Agency, to collect outstanding payments for services provided by Labcorp.
On May 14, 2019, AMCA notified Labcorp of a cybersecurity incident that resulted in unauthorized access to protected health information (PHI) belonging to Labcorp patients. According to the settlement information, hackers had access to AMCA’s systems between August 2018 and March 2019 and potentially viewed or obtained PHI stored within those systems.
The incident affected multiple AMCA clients. More than 25 million individuals were affected by the data breach, including 10,251,784 Labcorp patients whose PHI was exposed.
The cybersecurity incident resulted in multiple class action lawsuits. Those lawsuits were consolidated into a single legal action known as In Re: American Medical Collection Agency, Inc. Customer Data Security Breach Litigation filed with the U.S. District Court for the District of New Jersey.
The litigation included claims such as negligence and breach of contract. Labcorp denied the claims and maintained that it did not engage in wrongdoing. Labcorp also maintained that any alleged injury or damage was not caused by the security incident or by any act or omission on the part of the company.
Settlement Terms
The parties agreed to resolve the matter after six years of litigation. The settlement was reached in recognition that proceeding through trial and related appeals would involve additional risk and uncertainty, discovery activities, and substantial time and expense.
The $35,000,000 settlement resolves the Labcorp portion of the litigation. The settlement class includes individuals whose information was disclosed by Labcorp to AMCA and was stored in AMCA’s systems when the data breach occurred.
The settlement fund is allocated for paying the attorneys’ fees and expenses, service awards for the 21 class representatives, the notice and administration costs. Remaining funds will be paid to eligible claims for refund of losses, alternative cash payments, and medical and healthcare information monitoring services.
Available Benefits for Class Members
Class members can claim a membership to the CyEx Medical Shield Pro medical and healthcare information monitoring service for two years.
Class members may also submit claims seeking reimbursement of documented and unreimbursed losses related to the data breach. The maximum reimbursement available under the settlement is $5,000 per class member.
Individuals who do not seek reimbursement for documented losses may instead opt to receive an alternative cash payment. The estimated payment amount is $50 per class member. The settlement documents state that the amount may increase or decrease depending on the number of claims submitted.
Deadlines and Court Proceedings
The settlement establishes deadlines for objections, exclusions, and claims. The deadline to object to the settlement or request exclusion from the settlement class is July 27, 2026. The deadline for submitting a claim is September 3, 2026. A final fairness hearing has been scheduled for September 3, 2026.
The settlement information states that individuals who take no action will lose the opportunity to sue Labcorp in the future regarding the data breach. Settlement benefits will only be provided to individuals who submit claims.
Additional information regarding the settlement process, eligibility requirements, and available benefits is available through the settlement administration process identified in the settlement materials.