A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing “enormous expenses” from notifying affected consumers and the loss of its four largest customers.
The filing, first reported by Bloomberg, comes from the Retrieval-Masters Creditors Bureau, the parent company of the American Medical Collection Agency (AMCA). Earlier this month, medical testing firm Quest Diagnostics said a breach at the AMCA between Aug. 1, 2018 and March 30, 2019 led to the theft of personal and medical information on 11.9 million patients.
On June 4, KrebsOnSecurity broke the news that another major AMCA client — LabCorp — was blaming the company for a breach affecting 7.7 million of its patients.
According to a bankruptcy filing, LabCorp and Quest Diagnostics both stopped sending the AMCA business after the breach disclosure, as did the AMCA’s two other biggest customers — Conduent Inc. and CareCentrix Inc.
Bloomberg reports the data breach created a “cascade of events,” which incurred “enormous expenses that were beyond the ability of the debtor to bear.”
“Those expenses included more than $3.8 million spent on mailing more than 7 million individual notices to people whose information had been potentially hacked,” wrote Jeremy Hill. Retrieval Masters CEO Russell H. Fuchs “personally lent the company $2.5 million to help pay for those mailings, he said in the declaration. In addition, IT professionals and consultants hired in connection with the breach had cost Retrieval-Masters about $400,000 by the time of the filing.”
Retrieval Masters said it learned of the breach after a significant number of credit cards people used to pay their outstanding medical bills via the company’s site ended up with fraud charges on them soon after. The company also reportedly slashed its staff from 113 to 25 at the end of 2018.
The bankruptcy filing may also be something of a preemptive strike: Retrieval-Masters is already facing at least three class-action lawsuits from plaintiffs in New York and California.
A copy of the bankruptcy filing is available here (PDF).
*** This is a Security Bloggers Network syndicated blog from Krebs on Security authored by BrianKrebs. Read the original post at: https://krebsonsecurity.com/2019/06/collections-firm-behind-labcorp-quest-breaches-files-for-bankruptcy/