What to do after a data breach
Two class action lawsuits were filed in the U.S. District Court in Kansas City, Kansas, on Thursday, alleging that two medical diagnostic companies failed to monitor a debt collection agency that allowed hackers to access personal and medical data of more than 11 million people.
The suits were brought against Quest Diagnostics, based out of New Jersey, and LabCorp, based out of South Carolina, as well as the American Medical Collection Agency (AMCA), which does work for both companies. Quest Diagnostics and LabCorp each have offices throughout the Kansas City area.
None of the companies responded to the Star’s request for comment in time for publication Friday.
According to the suits, LabCorp and Quest Diagnostics each used AMCA as a debt collection agency when customers failed to pay an invoice for medical tests. Because of this, AMCA had access to and stored information about those customers.
For LabCorp customers, that information included name, birth date, financial information, address and phone number. For Quest Diagnostics customers, AMCA had Social Security numbers and medical information as well as other information, according to the suits.
11.9 million Quest Diagnostics customers and 20 thousand LabCorp customers were impacted by the breach, according to the suits.
Both companies said in their notices that they did not have a list of customers affected but have stopped sending customer data to AMCA following the incident.
AMCA is investigating the incident, according to LabCorp’s notice.
The suits argue that the companies were negligent and violated the Health Insurance Portability and Accountability Act (HIPAA) by failing to protect customer data.
Optum 360, the company that handles revenue services for Quest Diagnostics, is also listed as a defendant in the suit against Quest Diagnostics.