May 5, 2020 – As reported by HealthITSecurity

LabCorp is being sued by one of its shareholders as a result of 3 breaches starting in 2018, the largest, in part the result of the actions of one of their business associates, American Medical Collection Agency.

LabCorp was one of multiple covered entities impacted by the American Medical Collection Agency breach, the largest breach of 2019; where hackers compromised AMCA systems for about eight months, affecting approximately 7.7 million LabCorp patients. The compromised data included names, dates of birth, dates of service, provider names, balances, credit card or banking information, addresses, and phone numbers.

Total costs incurred by LabCorp for breach response and remediation is approximately $119 million to date (not including the cost of multiple law suits filed by affected patients and reputational harm caused by the breach).

Multiple issues were sited in the filing including lack of effective cybersecurity, lack of proper controls, lack of training of workforce members, lack of monitoring the compliance of business associates.