ANNAPOLIS, Md. — Your medical and other private information may have been compromised by a cyberattack against American Medical Collection Agency (AMCA), according to Maryland Attorney General Brian E. Frosh.

The AMCA is a third party collection agency for laboratories, hospitals, physician groups, medical providers and others.

The list of impacted people affects more than 20 million patients. The list is likely to expand and includes the following entities:

  • Quest Diagnostics: 11.9 million patients 
  • LabCorp: 7.7 million patients 
  • BioReference Laboratories: 422,600 patients
  • Carecentrix: 500,000 patients 
  • Sunrise Laboratories: unknown number of patients 

The compromised information varies for each entity, but includes some or all of the following information: 

  • Patient name
  • Date of birth
  • Address
  • Phone number
  • Date of service
  •  Provider
  • Balance information
  • Payment card information
  • Bank account information
  • Social security number
  • Your last lab test performed  

The AMCA’s payment system was compromised on August 1, 2018, and remained vulnerable through March 30, 2019.  

AMCA has started sending out written notices to consumers whose credit card number, social security number, or lab test order information may have been accessed.

Consumers who believe they may have been affected by this breach should immediately take the following steps to protect their information:

If consumers feel they have been harmed and want to file a complaint, they may call the Attorney General’s Identity Theft Unit at 410-576-6491. 

Sign up for the Get Up DC newsletter: Your forecast. Your commute. Your news.