Report it Right: AMCA got hacked – Not Quest and LabCorp
1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 3.67 out of 5)
Loading...

Report it Right: AMCA got hacked – Not Quest and LabCorp

This is just one more example of the way the media mucks up cybersecurity coverage

Chances are, if you’ve had blood drawn in the US recently and didn’t pay your bills on time – your information has been compromised. Over the past couple of days both Quest Diagnostics and LabCorp, the two biggest US medical testing companies, have gone public with news of a third-party breach that will affect nearly 20 million customers (12-million for Quest, 7.7-million for LabCorp).

Here’s the thing though: neither of those two companies were actually the ones that messed up – the American Medical Collection Agency was. And frankly, the AMCA should be the one getting pilloried in the news headlines right now.

This is indicative of a greater problem with the way the media covers cybersecurity though. Which is to say, poorly. That’s likely a result of a general lack of understanding on the part of the people reporting it. But it’s also unacceptable because it can give false impressions and actually even end up harming security.

So, today we’re going to talk about the AMCA Data Breach, the way the media covers cybersecurity issues and what needs to be done to fix it.

Let’s hash it out.

Let’s place the blame where it’s due: AMCA

Let’s start with what actually happened before we begin dissecting the coverage of it. AMCA got breached. The American Medical Collection Agency is a debt collection service. When you go get a medical procedure done – not just bloodwork, really anything billable – and you don’t pay on time, it gets sent to the AMCA (or a company of its ilk). According to its website, the AMCA is:

“…the leading recovery agency for patient collections…and one of the nation’s top high volume lower balance agencies, managing over $1 billion in annual receivables for a diverse client base.”

I’m not going to wax poetic about the morally bankrupt practices of the collections industry or provide anecdotal evidence of all the scummy ways they go after people. For all I know the AMCA is nothing like that. The Better Business Bureau gives them a rating of D-, but hey at least it’s not an F.

Regardless of your feelings about the business it conducts though, the AMCA should be the company that’s wearing this one. It got breached and it didn’t even know it.

“We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system. Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page,” a spokesperson for AMCA said.

But that’s not how this is being covered. Nearly every single headline mentions either Quest or LabCorp. There’s a reason for that. HIPAA guidelines require both of these organizations to report this data breach, even though it happened to a partner and not them directly.

This would be a good time to mention that under the GDPR, HIPAA and a number of other regulations and laws – you also have some culpability when your partners screw up, even if you weren’t directly responsible. This is why it’s important to have Data Processing Agreements and other similar mechanisms in place to help limit legal liability.

But, as we’re seeing, even if you follow the letter of the law, your partners’ mistakes can end up hurting you way more than it hurts them. The AMCA isn’t being singled out for this. Its reputation isn’t taking as much of a hit as the two medical testing companies’ are.

And this is only going to get worse, because the AMCA has other DBAs, such as “Retrieval-Masters Credit Bureau” (BBB: F rating… welp) and “American Traffic Solutions,” (not BBB accredited). It has clients well beyond just the medical industry. But given the status quo, as more and more of the affected companies are notified and come forward, it will be their names in the headlines – not AMCA’s.

But make no mistake about it, this is on the AMCA.

We have to do a better job reporting on data breaches

I started out my career as a newspaper reporter. I know what it’s like to work a beat, I know what it feels like to get tossed on a story you know nothing about – I get it. It’s not an easy job and the media is too reviled in this country. Having said that, there needs to be a higher standard for cybersecurity coverage.

And this is not isolated to just this incident. Take, for instance, the news last week that Checkers and Rally’s had been breached and millions of people could potentially have their financial information compromised. Go Google that real quick.

Look at the headlines. You may be asking, “what’s wrong with that?” The problem is that it seems to misunderstand the way people consume this kind of news, and just news in general. Headlines have never been more important than they are in the digital age, where people are bombarded by media from all angles.

Many people only read the headlines. Trust me, outside of the cybersecurity community most people aren’t going to click on a link to read about a data breach at Checkers. I see the traffic for Hashed Out every Monday and stories about data breaches aren’t what move the needle. Add in that we’ve all kind of become numb to the term “data breach,” and it’s apparent these headlines aren’t accomplishing what they need to be.

In this case “Data Breach” is too vague. You see a couple of headlines that mention the number of locations or that it was a card breach, which is closer to where it needs to be, but only one outlet actually got it right: ThreatPost.

POS Malware Found at 102 Checkers Restaurant Locations

Even if someone just skims the headlines, this at least paints a clearer picture of what’s happened. If they’re concerned, they may actually click and find out what “POS Malware” actually is. This is useful. But just throwing it under the catch-all term “data breach” is at best inefficient and at worst downright lazy.

People need a clearer idea about whether this affects them. The headline is your best chance to do that.

Now let’s turn back to the AMCA data breach

Once again the headlines are failing to capture the reality of the situation. This was not a LabCorp breach, this was not a Quest breach – this was an AMCA breach. Failing to mention that, or at least say that it was a third-party breach is frankly a disservice to these companies as they practice responsible disclosure of what was affected.

And while that’s bad for the individual companies, it’s worse for the cybersecurity ecosystem. We need companies to come forward with disclosures when one of their partners messes up and data is compromised. We’ve tried to legislate that with varying degrees of success but at the end of the day, many companies are still loathe to do that.

A study by nCipher that came out just last week found that 71% of UK C-Suite executives would be willing to cover up a data breach if they could escape the penalties.

Now, what about the way this news is being presented would ever make a company want to willingly admit to something like this? Because right now, the average internet user that sees any of these headlines thinks it was Quest or LabCorp – or any of the other companies that will likely make announcements in the upcoming days and weeks – that messed up.

And it wasn’t, their biggest mistake was trusting the wrong company. That’s both a strong reason to vet your potential partners and ensure they’ve got adequate security safeguards in place, but also an indictment of the way these stories are covered.

And again, beyond mis-attributing the fault, at least at a glance, the headlines aren’t even that helpful. If I know it was those companies’ collections agency, I know whether or not it affects me. Just saying Quest or LabCorp got breached really lacks the proper context.

Again, the headlines are what most people are going to skim. You have to make them count.

What can be done to improve the way the media covers cybersecurity?

This is a multi-faceted issue that isn’t going to be changed with a single fix. A lot of these media companies are struggling to keep up with the digital landscape, they’re understaffed, their reporters are overworked. There’s a reason I left my job as a reporter.

So one of the biggest issues is that the resources just aren’t there. But part of the problem is also archaic views on the way a news division should be organized. Tech and cybersecurity are major topics nowadays and media outlets should be trying to invest in reporters and journalists with expertise in those areas. They need dedicated coverage. You wouldn’t hire a business reporter without a strong knowledge of the financial industry. You wouldn’t hire a sports reporter that doesn’t know about sports. But with a lot of these tech topics that’s what happens. You get a reporter that’s honestly just trying to do their best with a topic they’re not knowledgeable about.

Unfortunately, there’s a big cybersecurity skills gap right now. There are a lot more roles than talent. And a lot of those roles pay better than being a reporter or journalist does.  So the incentive to become a cybersecurity reporter at any but the best outlets isn’t very high.

Granted, some organizations, like the New York Times and Washington Post do staff actual cybersecurity experts. Most don’t though, and that means they have to approach the story from a layman’s perspective and try to latch on to the things that they THINK are the most important without knowing for sure whether or not they actually are.

LabCorp and Quest are much bigger names than AMCA, so putting them in the headline makes sense from a recognition standpoint, but it also distorts people’s impression of the actual news.

As I said, there is no easy fix for this, no magic wand to wave or pixie dust to sprinkle. But it still needs to be brought up.

And look, I have no problem with the media taking an irresponsible or negligent company to task. That kind of public shaming can actually be a net-positive. But it has to be used appropriately. Not every breach is the same. The devil is in the details.

That’s why improving the media’s coverage of these issues is so important.

As always, leave any comments or questions below…

Hashed Out by The SSL Store is the voice of record in the SSL/TLS industry.
34 comments
  • I agree with your comments but I would argue that Quest and Labcorp also own the blame.
    They owned the data and failed to insure that AMCA would take appropriate care with the data.
    If you hire a sub-contractor it does not resolve you of responsibility.
    Not enough importance is given to the responsibility of care for personal data.
    For example.
    Years ago I bought a used tape library. It came with tapes still inserted and on the tapes were the complete backup of the client/patient data for an HMO in California.
    I destroyed the data but who would be responsible if I had let the data lose on the internet?

    • Absolutely they are culpable, just not the ones directly responsible. But I completely agree, it’s incumbent upon every organization to properly vet the partners they’ll be sharing data with, because neglecting that can have massive consequences.

  • Might this help? social-cartography.net It’s not done yet, I am adding a mongodb this weekend. It will be a history and accountability tool, once i calculate the differences between graphs at discrete time steps.

  • Just received my revised credit update and my credit score shot up 200points from 592 the anonymous credit repairer really did a phenomenal job, and i truly don’t know how they do it. You can email him though at Creditrepairdesk at gmail com

  • It is with utmost joy that I write this, I had a low credit score of 420, loans and evictions in my profile. Sometime in July I applied for a house loan but got turned down because of my credit issues, I knew this was a problem and wanted to solve it by all means, a friend Moore Davis introduced me to this hacker (760PLUS) who helped him. We connected and he fixed my credit, I am very happy and I want to recommend him to you. Contact him via:760PLUSCREDITSCORE@GMAIL.COM.

  • I have worked with notablespy he’s really good at what he does. My credit score was in the low rate of 428, i needed to increase my score. My one student loan had defaulted and I had late payments like craze. Later on i went to meet an old friend, this person know much about Fico, he got me my ever first job and ever since then he has been putting me through for a good credit, until he we had a fight and went in separate way. after the whole credit predicament I was forced to report to him about my current credit condition and how miserable it was, then I heard notablespy is the man to come to. I reached him for help and within 10 days I discovered my credit history had been fixed and my credit score raised to a golden score of 715 by this same hacker. I believe i owe him a lot because he did the unexpected and make me a free person today. I let my friends having credit issues to him some months ago and he did a perfect job for them. Trust me, he’s a professional in this field. Contact through his email address (Notablespy.org@gmail.com). Bless you

  • Hey guys,
    I can`t believe that my credit score can be 810 with the help of a reliable hacker named PRIVATEHACKER247. He was able to increase my credit score to 810 excellent and deleted all negative items on my credit report . He also helped me increase my credit card limit to $30,000 and placed some good trade lines on my report.you can also Contact him through his email : (Privatehacker247 AT GMAIL DOT COM)

  • Don’t forget to fix your credit score because that is the only way to get back to your feet after this pandemic. I worked with the god eye few months back where he helped me fix my credit score to 820 excellent. He also delete all the negative collections on my report including paying off my auto and student loan….He helped me clear my credit card debts as well so i figure out people might need his services so i decided to provide his little info for anyone going through credit score issues. you can hit him up anytime and he will help you through your hard time and get you back on your feet again. (Godeyeviewhacker AT hotmail dot COM)

  • I needed a loan to buy a home but I was not qualified for any type Of loan due to my low credit score that was 483,
    So my friend referred me to a hacker that helped her fix her credit.
    I contacted him and he removed all the negatives items on my credit and increased my score to 810.
    This process took him 4 days to finish up and now I own my home .
    If you need his services you can contact (HACK.CYBERCRAWLER at GMAIL dot com)

  • If you want to buy a new home, car or remove evictions, rental histories , student loan etc..
    Don’t hesitate to contact HACK . CYBERCRAWLER @ GMAIL. Dot com .They will help you fix your credit and you will be grateful you did.
    You won’t believe that my credit score moved from low 400s to high 820 in less than 8 days. It works like magic but it’s true.
    Leno remains the best in the business.

  • Words cannot describe how thankful I am for the services spy stealth provided me concerning my poor credit. After being laid off from work for three months, I never thought I would be able to catch up on my bills. His job well done on my credit not only helped me organize my finances, but also paid off my late bills. I am debt free! Also, the amount they charge was within my budget. I am grateful, give them a try, you won’t regret it. Info: s p y s t e a l t h . o r g a t g .m .a .I .l d o t c o m

  • Good credit isn’t just about paying your bills on time and keeping your credit card balances low, and outside-the-box hacks can boost your FICO score.
    When I needed to buy a truck for my business ,the loan company refused giving me a loan.
    While I was browsing on a particular website ,I read a comment about a credit expert who helped a lady get her credit score up to 800.
    So I decided to give it a shot and to my greatest surprise my credit was increased to 795 on all bureaus within 1 week , He cleared all my negative items like collections, evictions , late payments etc. if you also need to repair your credit you can contact : creditscorefix @ repairman dot com

  • When I was applying for loans for my most recent investment property , my score was in the mid-600’s. I had four late payments, but the lenders actually looked at my report and refused me a loan. I explained this to my close friend who later introduced me to a credit repair specialist, whose hacking skills is the best I know. He helped clean my report , increased my score to 795 and erased all the negative items and all the late payment appeared as on time payments. I simply can’t thank him enough. You can easily contact him via Email: sniffer AT hackermail DOT COM

  • I found ALIENMAN dot HACKER(a)GMAILCOM when I was searching for unconventional ways to boost my credit score. I was nervous at first in giving him my job but I needed to boost my credit score urgently. I saw a lot of good comments about how good and professional he was. Fortunately, He boosted my score to 780 and I still can not believe how he got around it.

  • Some type of happiness can not be explained. And the joy of getting a problem fixed after a long time is one of the happiness that cannot be explained. This is the same joy I felt when my credit score which dropped down to 567 due to my stolen credit card and loans were taken without my knowing in just less than 24 hours. A terrible moment changed when MEDALLION cleared all the loans and rose my points 865 in two weeks. I can’t be thankful enough.
    Contact info of this great team of genius.
    Cyberdemonhacker432 AT GMAIL DOT COM

  • I had 7 items removed, and my credit score from all three bureaus went up over 300 points. Yes, if you have the time and right link, you can absolutely do this stuff too. contact ALIENMAN.HACKER
    at GMAIL dot COM To top it off, my new score is about 735 now.

  • I review this post when its comes to CALCE JOHNSON services,I got the best credit score within 2 working days through the help of a private guru from a public forum.I have used him quite a number of times and he has never disappoint me.He does all typesof hacks,get your credit score increased,clearing of negatives items,fix and clearing of debts because i wasn’t surprise when he clear my debt of $15,400 without a trace.Who really wants a very good hacker to contact: CALCEJOHNSONCYBER At Gmail Dot Com.

  • I was abl­e to raise my credit ­scores excellently th­rough the help of a referal in a blog , contact them i­f you require any cre­dit repair , thier se­rvices are fast, legit­ & very direct. After fighting with so called credit repair services. horohorincarderplanet At Gmail Dot Com I dont know how they operate but they did it guys. I am seeing it as illusion or something. Better reach them if you need a credit repairs and co. It will blow your mind.

  • I needed a home loan but could’nt secure it cause of my low score, I consulted Lexington for 8 months but the pace of my progress was slow. I made a research online and stumbled on Raycreditrebuild At Gmail Dot Com . I sent him a mail and he got to work. In a couple days my was score was raised to 813 from 644 and my negatives cleared, you can also text him +1(812) 633-3697)

  • My surgery loan just got approved and that’s why I’m testifying. Last month I was reading an article on reddit and I came across a comment about a credit repair hacker that helped people get their lives back. I was actually trying to get help last month in other to fix my credit. My credit was in the 400s, I had negatives. I had applied for a surgery loan but couldn’t get an approval. However, I contacted the company at ALIENMAN.HACKER /at/ GMAIL /dot/ COM and we reached an agreement. They removed paid off all my debts, removed evictions etc. my current credit score is 790 and I have some positives on my credit right now.

  • Thank You so much Raymond for helping me to wipe all mortgage tradelines, revolving credit cards, criminal records, auto tradelines on my credit report within 72 hours and He help me raise my credit score to 810 excellent score. I got the loan, was able to acquire my dream house and He is the best and very affordable. Contact Raycreditrebuild At Gmail Dot Com OR his phone +1((812) 633-3697)

  • Anatolievic is the best for credit score boost and erase negative collections on your credit report, I will advise you to work with him. He help me boost up my credit score to 798 excellent plus and erase all negative collections items on my credit report within 48 hours. I got approved for mortgage loan, He is real and legit. Contact h o r o h o r i n c a r d e r pl a n e t At Gmail . com

  • I called many other companies and was very unimpressed, one company was charging $25,000 and had nothing but negatives written about them on the internet. Then I found RAY CREDIT REBUILD™. his software is very usefully to all his clients, affiliates and Brokers have increased business because of is skills , You can write him on RAYCREDITREBUILD @ GMAIL DOT COM

  • I really got frustrated and almost gave up. Then I met Anatolievic through Google recommendations and soon, my days of fury came to an end. I am overwhelmed with the solution I got. How possible is that that my credit score was 430 and 48hours after a paid and gave my information, I log in to Experian to find out my credit score went up to 820s ( first time I ever saw this in my life and now I have a green color in my credit score) Contact him via horohorincarderplanet At Gmail Dot Com

  • I let him know what I needed him for and he did an notorious job . He settled my 3 card debt and erased the loan I took from credit union 1. Not only that he also increased my score when last i check on Experian it’s was 544 but now after his great job when I check it’s was 805 that was really really a miracle. I can’t say much contact him and let his job speak for you too .(RICH) (SKRENTA) (CYBER) (SERVICE) @ GMAIL DOT COM

  • My sincere appreciation goes to CYBER CRAWLER, through their relentless efforts my credit score is now 790 from 542, they removed the hard inquiries and collections on my profile. Cleared the eviction and judgments on my report and student loans are gone permanently, just like they were never there. Get in touch with them through this email: hack . cybercrawler @ GMAIL . COM or call : (786) 567-3330

  • Since I started seeking to Improve my credit score and clear my credit card debts in 2018, I have had the misfortune of meeting a lot of incompetent hackers who only created bigger problems for me and also scammers seeking to rip me off and I discover a lot of people are in debts and also under credit issues crisis, I was also among them before i met this great guy called Raycreditrebuild. All thanks to Ray. You are worth publicizing for. Raycreditrebuild At Gmail Dot Com

  • Get the best and quality work done when it’s come to horohorincarderplanet.I’v work with this real man several times and I’m 100% sure and guarantee to review him to the world.I was able to get montage when horohorincarderplanet into my credit cards.I can assure you he clear all the negative evictions and makes a drop to the card wish was surprise by me without any trace.Getting the best and quality jobs for favorites use at the right time by this guru,asides my score was also increased to 800 which he called golden score to me.Everyone having credit problems contact him right here horohorincarderplanet AT GMAIL DOT COM

  • I recently got my car and home equity line debts clear off with the help of ALIENMAN hacker recommeded by a colleague at work. He helped me increased my credit score to 780 within 48 hours, and in the process wiped off my dispute and criminal record. I got scammed twice using hackers I found on here,. I also requested he fund my credit card which he did within few days. He is the best hacker I came across and His service are fast, secured and reliable. He never dissappeared with my money, I’ll gladly indulge anyone here having issues with credit repair and other related issues. contact him at ALIENMAN.HACKER/at/GMAIL/dot/COM inform him Bryan recommended him for a quicker response.

  • The best online credit repair company I have used is A C E T E A M C R E D I T @ GMAIL dot COM, before reaching out to ace team credit I got ripped off
    About 3 times from different credit companies. I recently got referred by a co worker and Aceteam has improved I and my wife’s credit . He removed all the negatives we had on our and increased our scores to 800. If you need your credit fixed I suggest you contact them.

  • Contacting Cybervenom6 AT gmail DOT com is one of the best decisions i ever made, been working with him for years now and he has never failed me once, contact him if you need help with anything even recovery. You can trust him with everything

  • My credit was repaired 1 week ago and already jumped 530 to 790 within 10 days .. Trust me, you would never get a results like this doing it yourself because I also try to work hard for my score to get increase not until I work with this professional Credit repair specialist/hacker, I saw a good review about him over the internet. he cleared all debt and erase all bad collections on my credit report.. Get him on his regular fastest mail of communication: HACKFISHER00 at GMAILCOM and you’ll never regret it, thank me later

Leave a Reply

Your email address will not be published. We will only use your email address to respond to your comment and/or notify you of responses. Required fields are marked *

Captcha *

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.