HealthcareCISO

American Medical Collection Agency on March 11 reached a settlement with 40 states and Washington D.C., to settle a complaint following a 2019 cyberattack that exposed 21 million Americans' personal information, including Social Security numbers, diagnoses and credit card information.

The Elmsford, N.Y.-based company specializes in small-balance medical-debt collection and offers services mostly for laboratories and medical testing facilities.

Between Aug. 1, 2018, and March 30, 2019, an unauthorized user gained access to AMCA's internal network and collected customers' personal information. According to documents from the bankruptcy court of New York's southern district, AMCA received various warnings from banks that processed its payments, but it failed to detect the breach.

On June 3, 2019, AMCA gave...