Massive Cyberheist Bankrupts Medical Debt Collector



AMCA-classactionAMCA, a medical billing collections agency that was hacked last year in an incident believed to impact millions of medical patients is now seeking a federal bankruptcy court’s protection from its own creditors. 
 
American Medical Collection Agency filed for Chapter 11 bankruptcy protection in New York this week citing a “cascade of events” stemming from the March 2019 realization that its systems had been breached, as well as the decision of its four major clients to jump ship.
 
The breach, CEO Russell Fuchs wrote the court, “resulted in enormous expenses that were beyond our ability to bear.”
 
Millions of patients who had undergone lab testing at Quest Diagnostics and LabCorp facilities are said to have been affected by the breach. In its wake, AMCA paid roughly $400,000 to hire outside security professionals to determine the source of the attack. It also cost millions of dollars to notify anyone who might’ve been affected.

“Because the [AMCA] was unable to determine a particular subset of persons or data files that had been hacked, the Debtor [AMCA] had no choice but to work under the assumption that all of the information within its servers were compromised,” wrote Fuchs, who loaned AMCA $2.5 million of his own money to complete the process.

The company was also forced to lay off nearly 90 employees this year, he added. In his declaration, Fuchs requested the court’s permission to continue compensating the 25 who are left.

CEO Fuchs said the company, which he founded in 1977, originally had its own IBM mainframe that served AMCA’s purposes “well for many years.” But changes in technology (most notably, the shift to cloud computing) made it clear, he said, that continued reliance on the office system “would not be tenable in the long term.”

AMCA estimates its current liabilities at somewhere between $1-10 million. The company, along with Quest Diagnostics and LabCorp, are currently the subjects of investigations and lawsuits linked to the breach in multiple states, including New York, California, and New Jersey.




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews