BioReference, a blood testing lab firm with approximately 40 Florida locations, said in a government filing Thursday that some patients’ information may have been hacked in a third-party data breach. The company is a subsidiary of Miami-based OPKO Health.
According to company estimates, approximately 422,600 BioReference patients had their information stored on the servers of American Medical Collection Agency, which was hacked beginning Aug. 1, 2018. BioReference said it stopped doing business with AMCA in October, though did not specify why it did so. A representative for OPKO did not immediately respond to a request for comment.
AMCA has already notified approximately 6,600 BioReference patients that personal information — including credit card and banking information — may have been affected. BioReference said it provided no laboratory results or diagnostic information to AMCA. While AMCA told BioReference that no Social Security numbers were compromised, BioReference has not been able to verify the accuracy of that information.
AMCA said that it would provide affected patients with more specific information about the breach and offer them identity protection and credit monitoring services for 24 months. AMCA has not yet provided BioReference a list of the affected patients or more specific information about them, Bioreference said.
BioReference’s announcements comes after testing giants Quest and LabCorp announced they too were customers of AMCA, with potentially millions of patients affected by the breach.