blood vial with audio interview tag

Healthcare Identity Theft: A National Crisis

Devastating breaches are preventable. So why does healthcare identity theft keep happening?

Healthcare identity theft is a national crisis. It’s profitable business for the crooks and easy when defenses are weak.

But healthcare identity theft is preventable.

The latest shocker was announced last week. Twenty million patients’ data was exposed by Quest and LabCorp and their medical billing vendor, American Medical Collections Agency (AMCA). This breach joins Anthem* (2016) and Premera Blue Cross (2014) as among the largest in HIPAA history.

Dollar costs are huge when lawyers bring class action lawsuits.

Download or listen to attorney Paul Hales’ timely discussion about AMCA class actions filed already and the major impact of rapidly growing Health Information Breach lawsuits.

Anthem $115 million class action settlement and $17 million to OCR
Patients affected: 79 million in 2016

Premera $74 million (proposed) class action settlement
Patients affected: 11 million in 2014

Quest/LabCorp/AMCA  $millions – final amount to be determined
Patients affected: 20 million in 2019

Premera Blue Cross Asleep at the Privacy Wheel

Patients across Alaska, Washington and Oregon trusted their information was secure with Premera Blue Cross. That trust was broken when a preventable, sustained cyberattack continued for almost a year.

The class action lawsuit claimed that Premera broke its patient contracts and was negligent when it allowed cyberattackers to steal the protected health information of 10.6 million people, including names, dates of birth, social security numbers and clinical data.

Look at what the settlement requires – not just money, but changes in their business practices. All of these are just elements of good HIPAA compliance.

The HIPAA E-Tool® shows you how to do all of them – you can prevent the next devastating breach – and the cost is a drop in the bucket.

Premera promises:

  • Stronger Passwords
  • Enhanced Email Protections
  • Strict Access Controls
  • Reduced Employee Access to Sensitive Data
  • Moving Certain Data into Archived Databases
  • Annual Security Audits

Billing Company Hacked (at labs used by pretty much everybody)

The most recent headline is Quest and LabCorp – both healthcare providers – using American Medical Collection Agency (AMCA) – a business associate – for billing. Quest and LabCorp are giants in diagnostic testing and dominate the market. AMCA dropped the ball and allowed hackers free access to the system and to gather info for eight months.

This Quest/LabCorp news may only be the tip of the iceberg, since AMCA collects bills for many health care providers nationwide. We’ll learn more as the investigations develop.

Following Quest and LabCorp announcements in early June, the Michigan Attorney General launched an inquiry. Then the Senate noticed and began asking questions. The Office for Civil (OCR) Rights may be next. See the letter to LabCorp from Senators Cory Booker and Bob Menendez. They call out LabCorp’s prior HIPAA security problems in a series of eleven tough questions – due date for answers is June 14, 2019.

These are challenging and very public investigations, but what may be worse are class action lawsuits for negligence. As of today, more than a dozen class actions have been filed in several federal courts.** That’s big money.

Let’s Imagine a Different Scenario

The HIPAA E-Tool® would have required Quest and LabCorp to make sure:

  • AMCA follows HIPAA rules and secured a signed business associate agreement.
  • Risk Analysis-Risk Management would have been ongoing.
  • Access controls for employees and vendors would have been in place
  • The Senators’ eleven questions would have better answers.

There is a real solution. It’s easy, if you know the rules.

The ultimate outcome for Quest/LabCorp/AMCA is unknown. What we know is that millions of patients’ privacy has been compromised again. They may experience identity theft and harm to their credit reports.

  • Healthcare identity theft doesn’t need to happen
  • Strong HIPAA compliance is a blueprint for cybersecurity protection
  • Prevent the next devastating breach with The HIPAA E-Tool®

*Read more about the Anthem breach.

**The latest on the AMCA class actions.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms & Conditions | Privacy Policy | Cookies Policy | Privacy Settings | HTML/XML Sitemap

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124