June 06, 2019
2 min read

Second reported data breach in as many days prompts cybersecurity warnings, tips

You've successfully added to your alerts. You will receive an email when new content is published.

Click Here to Manage Email Alerts

We were unable to process your request. Please try again later. If you continue to have this issue please contact customerservice@slackinc.com.

The health care diagnostics company LabCorp announced that “unauthorized activity” occurred on the webpage of American Medical Collection Agency, LabCorp’s external collection agency, impacting up to 7.7 million patients.

The breach occurred between Aug. 1, 2018, and March 30, 2019 and involved customers’ personal, medical and payment information, but not ordered tests, laboratory results, diagnostic information, Social Security numbers or insurance identification information, according to a U.S. Securities Exchange Commission document filed by LabCorp.

LabCorp said it has stopped sending new collection-related work orders to the American Medical Collection Agency and the company is to stop existing collection work assignments.

These reports come a day after Healio reported that the web payment page of American Medical Collection Agency’s operations with Quest Diagnostics experienced a similar situation, potentially impacting 11.9 million Quest Diagnostics patients.

AMA data suggest these incidents are not isolated. The medical society has previously announced that slightly more than 80% of U.S. physicians have experienced some type of cybersecurity attack, with the most common being phishing and computer viruses.

These reports serve as a reminder that the increasing dependence of the medical community on electronic operations has potential unintended consequences. Healio has previously reported on why medical equipment, physician practices and hospitals are vulnerable to cybersecurity threats and data breaches and how these enterprises can help protect their electronic information. A sampling of this coverage follows. – by Janel Miller

doctor at a computer 
The health care diagnostics company LabCorp announced that “unauthorized activity” occurred on the webpage of American Medical Collection Agency, LabCorp’s external collection agency, impacting up to 7.7 million patients.


Why health care remains a target to cyberattacks

Zuly Gonzalez, cofounder and CEO of Light Point Security, discusses why health care institutions are becoming more popular targets for hackers and what information cyberattacks are targeting. Gonzalez previously spent more than a decade as a cybersecurity expert at the National Security Agency. Read more.

Cybersecurity should be a research priority for hospitals

Between October 2009 and December 2016, 1,798 data breaches were reported. Among them, 1,225 breaches were reported by health care providers and the remainder were reported by business associates, health plans, or health care clearing houses. Read more.

Concern grows over cybersecurity for diabetes devices

Diabetes devices have shifted toward the “internet of things,” an environment in which common objects are designed to communicate with the internet, as well as with each other. Although this type of seamless transmission of information provides obvious convenience and effectiveness, it also leaves areas of vulnerability. Read more.


5 things physicians should consider to help protect data

Health care organizations need to treat security as a priority and increase their security budgets so that they can implement proper security measures and defenses. Read more.

FDA, DHS coordinate medical device cybersecurity efforts

The FDA and Department of Homeland Security are stepping up efforts to protect patients from cybersecurity attacks on medical devices, according to a press release. Read more.

How to counsel patients on cardiac device cybersecurity

The Heart Rhythm Society released a proceedings statement advising clinicians how to communicate with patients if a cybersecurity threat to their cardiac device has been identified. Read more.

Software update issued for cybersecurity vulnerabilities in Medtronic devices

The FDA issued a safety communication that Medtronic will issue a software update to resolve cybersecurity vulnerabilities associated with two programmers used to implant cardiac implantable electrophysiology devices in patients with heart failure or arrhythmia disorders. Read more.