Within just a few days of each other, both Quest Diagnostics and Lab Corp, two of the largest blood testing providers in the nation, warned that millions of their customers might have had information breached. In both cases, customers may have had personal, financial and medical information breached due to an issue with the American Medical Collection Agency (AMCA), a billing collections service provider used by both companies.
Between August 1, 2018, and March 30, 2019, someone had unauthorized access to the systems of AMCA. Quest reported that the affected system stored information on roughly 11.9 million of its patients. In addition, LabCorp numbers could be up to 7.7 million customers.
“(The) Information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers),” Quest said in a filing with securities regulators. AMCA did not have access to actual lab test results.
Change Your Behavior After the Breach
If you, like pretty much EVERYONE I know, have used either of these services, follow the steps below to protect yourself against future attacks.
- Assume that your identity has been compromised. If you have been a customer of either company, don’t take a chance that you are one of the very few customers that aren’t affected. It’s not time to panic; it’s time to act.
- Read the explanation of benefits statement from health insurers to confirm that your charges are correct.
- I recommend placing a verbal password on all of your bank accounts and credit cards so that criminals can’t use the information they have from the breach to socially engineer their way into your accounts. Call your banks and credit card companies and request to place a “call-in” password on your account.
- Begin monitoring your bank, credit card, and credit accounts regularly.
- Visit AnnualCreditReport.com to get your credit report from the three credit reporting bureaus to see if there are any newly established, fraudulent accounts set up. DON’T ONLY CHECK EQUIFAX, AS THE CRIMINALS HAVE ENOUGH OF YOUR DATA TO ABUSE YOUR CREDIT THROUGH ALL THREE BUREAUS.
Take Action on Your Accounts
- Change your passwords. We hear all the time about stupid things people do when it comes to creating passwords; the most commonly used passwords in the United States for the past several years include “123456”, “password” and some variation like “password1234”. The bottom line is it is nearly impossible to effectively create and remember all the passwords we need to function in our daily lives. It seems there are two ways people handle this. They continue to use the same (usually poor) passwords over and over, or they do what I highly recommend and use a password manager program.
- Enable two-step logins. Two-step logins are when two separate passcodes are required to log in to one of your online accounts. One of the most common and popular forms is called text verification, and I’m sure you’ve already experienced it. That’s where you log in to your online account with your regular username and password, and then a secondary passcode is sent to your phone by text or even better, through an App like Google Authenticator. Without that second passcode, no one gets into the account.
- Set up account alerts. To monitor accounts quickly and conveniently, sign up for automatic account alerts when any transaction occurs on your account. As a result, if you spend even a dollar at a store, you receive an email or text notifying you of the purchase. If you receive an email for an amount you didn’t spend – bingo – you’re probably a victim of fraud.
- MOST IMPORTANTLY, FREEZE YOUR CREDIT. Some websites and cybersecurity experts will tell you to place a fraud alert on your three credit profiles. I am telling you that this isn’t strong enough to protect your credit. Freezing your credit puts a password on your credit profile so that criminals can’t apply for credit in your name (unless they steal your password too). Here are the credit freeze websites and phone numbers for each bureau. Learn more about freezing your credit by watching the video here.
Contact Credit Companies
Equifax Credit Freeze
P.O. Box 105788 Atlanta, Georgia 30348
TransUnion Credit Freeze
Fraud Victim Assistance Department P.O. Box 6790 Fullerton, CA 92834
Experian Credit Freeze
P.O. Box 9554 Allen, TX 75013
John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings, and industry events. He specializes in making security fun so that it sticks. His clients include the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachel Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.