Marylanders are being warned that their medical and other private information may have been compromised by a cyberattack against American Medical Collection Agency, a third party collection agency for laboratories, hospitals, physician groups, medical providers and others, according to a Maryland Attorney General’s Office press release.

The currently known list of affected entities encompasses over 20 million patients. The list is likely to expand, according to the release, and includes the following entities:

• Quest Diagnostics, 11.9 million patients.

• LabCorp, 7.7 million patients.

• BioReference Laboratories, 422,600 patients.

• Carecentrix, 500,000 patients.

• Sunrise Laboratories, unknown number of patients.

The compromised information varies for each, but includes some or all of the following information: patient name, date of birth, address, phone number, date of service, provider, balance information, payment card information, bank account information, social security number and the lab test performed.

AMCA’s payment system was compromised on Aug. 1, 2018, and remained vulnerable through March 30, 2019. AMCA has started sending out written notices to consumers whose credit card number, social security number or lab test order information may have been accessed.

Recent reports of massive data breaches highlight the need for Marylanders to be vigilant about their personal information and aware of how it may be compromised and misused.

The Maryland Personal Information Protection Act requires any business that keeps electronic records containing the personal identifying information of residents to notify those residents if their information is compromised.

Consumers should always carefully review their financial and medical account regularly for suspicious activity and immediately report all suspicious or fraudulent charges to their financial institutions or health insurance providers, the attorney general said in the release. Consumers impacted by the AMCA data breach should be especially vigilant.

“Massive data breaches like the one experienced by the AMCA are extremely alarming, especially considering the likelihood that personal, financial, and medical information may now be in the hands of thieves and scammers,” Attorney General Brian E. Frosh (D) said in the release. “I strongly urge consumers to take steps to ensure that their information and personal identity is protected.”

Those who believe they may have been affected by this breach should immediately take the following steps to protect their information:

• Obtain a free credit report at or by calling 877-322-8228.

• Put a fraud alert on credit files.

• Consider a security freeze on credit files (for more information about freezes, visit

• Take advantage of any free services being offered as a result of the breach.

• Use two-factor authentication on your online accounts whenever available.

The Office of the Attorney General has an Identity Theft Unit that offers guidance and assistance.

If consumers feel they have been harmed and want to file a complaint, they may call the Attorney General’s Identity Theft Unit at 410-576-6491.