American Medical Collection Agency Breach

Table of Contents
Cyber Security Breach Incident
Security Functions
Recommendations
References

Cyber Security Breach Incident:
American Medical Collection Agency (AMCA) is a local organization that collects bills. It became known that between Aug. 2018 and March 2019 the data was being accessed by unauthorized sources. The security breach was detected in the payment gateway of the agency. The breach was initiated from the Quest Diagnostics patient data. It is reported that the data of about 7.7 million consumers was compromised due to this security breach ("Another 7.7M affected by American Medical Collection Agency breach", 2019). The personal information and the payment credentials of consumers were compromised, as these details are usually obtained for the payment of medical and other bills (Massara, 2018). LabCorp is the organization that reported the number of consumers affected. LabCorp also claimed that no medical information was compromised, but that personal information and payment details were affected ("Another 7.7M affected by American Medical Collection Agency breach", 2019). How much data is affected is still under investigation. AMCA is sending details and notifications to the consumers whose data is compromised, but the agency is still not providing LabCorp with details about the amount of data affected by this breach.

Security Functions:
The organization believed in the requirement for any organization that has a web presence to establish security checks and measures. The organization being discussed also has an online portal for patient information. It is necessary for the organization to run penetration tests and security checks to verify its firewall and the protection of data ("Another 7.7M affected by American Medical Collection Agency breach", 2019). Websites holding confidential information must have monitoring and surveillance, because these websites are the entry point to the private network. A strong firewall and a secure website help to avoid such critical security breaches. The organization that faced the breach is said to be receiving revenues of $1 billion per annum.


The suggestions that experts made to the organization after this breach included the idea of legally binding contracts instead of the usual agreements. Security can be established in such cases by enforcing the legal binding of contracts that cover protection from such incidents. In this case, as the entry point to the private network was from Quest Diagnostics, there is a dire need to make such organizations aware of cybersecurity and legally bound to it (Rademaker, 2016). In the recovery and protection phase, it was also suggested that healthcare providers should not only enforce the legal binding of contracts but also follow security policy by making on-site visits, security assessments and video conferencing ("Another 7.7M affected by American Medical Collection Agency breach", 2019). This will lessen the chance of such incidents in the future. The use of data by sub-organizations must be made secure by implementing security agreements as a part of business associate contracts.

Recommendations:
Many cybersecurity cases are reported every year, and usually they are alleged to involve compromised security. In this case, however, the breach has nothing to do with the security of the main location of the data (Rademaker, 2016). The entry point for the breach was a sub-organization, which became the reason for such a big breach of data in which a huge number of customers were affected ("Another 7.7M affected by American Medical Collection Agency breach", 2019). Organizations that hold health data should enforce the implementation of security policy by their associates according to the cybersecurity contracts (Rademaker, 2016). To avoid such incidents, it is highly recommended to carry out security checks and penetration testing of websites to sustain system security at the associate partner and sub-organization level.


References:

Rademaker, M. (2016). Assessing Cyber Security 2015. Information & Security: An International Journal, 34, 93-104. doi: 10.11610/isij.3407

Another 7.7M affected by American Medical Collection Agency breach. (2019). Retrieved 14 September 2019, from https://searchhealthit.techtarget.com/news/252464639/Another-77M-affected-by-American-Medical-Collection-Agency-breach
