Photo: Scott Olsen / Getty

A billing collections agency that was hacked last year in an incident believed to impact millions of medical patients is now seeking a federal bankruptcy court’s protection from its own creditors.

American Medical Collection Agency (AMCA) filed for Chapter 11 bankruptcy protection in New York this week citing a “cascade of events” stemming from the March 2019 realization that its systems had been breached, as well as the decision of its four major clients to jump ship.

Advertisement

The breach, CEO Russell Fuchs wrote the court, “resulted in enormous expenses that were beyond the ability of the Debtor to bear.”

Advertisement

Millions of patients who had undergone lab testing at Quest Diagnostics and LabCorp facilities are said to have been affected by the breach. In its wake, AMCA paid roughly $400,000 to hire outside security professionals to determine the source of the attack. It also cost millions of dollars to notify anyone who might’ve been affected.

“Because the [AMCA] was unable to determine a particular subset of persons or data files that had been hacked, the Debtor had no choice but to work under the assumption that all of the information within its servers were compromised,” wrote Fuchs, who loaned AMCA $2.5 million of his own money to complete the process.

Advertisement

The company was also forced to lay off nearly 90 employees this year, he added. In his declaration, Fuchs requested the court’s permission to continue compensating the 25 who are left.

Fuchs said the company, which he founded in 1977, originally had its own IBM mainframe that served AMCA’s purposes “well for many years.” But changes in technology (most notably, the shift to cloud computing) made it clear, he said, that continued reliance on the office system “would not be tenable in the long term.”

Advertisement

After years of planning, Fuchs wrote, the company moved its systems to a cloud service provider in 2015. The company invested over a million dollars on, among other precautions, the hiring of “outside IT consultants” to ensure AMCA’s data security protocols reflected “current technological standards.”

AMCA estimates its current liabilities at somewhere between $1-10 million. The company, along with Quest Diagnostics and LabCorp, are currently the subjects of investigations and lawsuits linked to the breach in multiple states, including New York, California, and New Jersey.

Advertisement