Bankruptcy after Data Breach
– a GDPR lesson best learned from others –
The American Medical Collections Agency’s parent company applies for Chapter 11 bankruptcy. Let’s update you on a story we covered a couple of weeks ago: the American Medical Collections Agency’s data breach. At the time we opined that AMCA ought to be the one using this security gaffe– not simply LabCorps and Quest. Now, simply two weeks later, the AMCA’s moms and dad business, Retrieval-Masters Creditors Bureau, is filling for Chapter 11 personal bankruptcy.
We talk all the time about the effects that can come with a data breach, the compliance penalties, the financial repercussions– the loss of confidence in your business. This is an ideal example. AMCA is a sub-brand of Retrieval-Masters, however, this impacts the whole business. So, today we’re going to talk a bit about AMCA, Chapter 11 bankruptcy and what this all means. Let’s hash it out.
What happened with AMCA?
Simply a quick reminder: The AMCA suffered a huge data breach that affected customers at 2 of the United States’ most significant lab screening companies: Mission and LabCorps. It also impacted some of its lesser-known testing companies, too: BioReference Laboratories, CareCentrix and Sunrise Labs.
“We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system. Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page,” a spokesperson for AMCA said at the time.
As the name recommends, the AMCA handles billing for the previously mentioned laboratory testing companies. Particularly collections. When you don’t pay on time, the AMCA is who harasses you. The breach happened since hackers were able to get into the AMCA’s web payment portal and gain access to company databases filled with clients’ personal data and payment information. Over 20-million consumers were impacted. And due to the fact that of HIPAA reporting requirements, the 2 lab companies both needed to make disclosures. Given their name acknowledgement, it was LabCorps and Mission who made the headlines, while AMCA usually came into the story a few paragraphs down. Now, karma is back.
What is Chapter 11 Insolvency?
First things first: Retrieval-Masters isn’t going out of business. It’s not shutting down. At least not right now. You likely still owe them some money (that they’re now going to be much more intent on collecting). What Chapter 11 insolvency does: it allows a business to “restructure” and to keep their company alive and pay their financial institutions in time. Much like there was an abundant paradox in Equifax getting its credit ranking lowered, there’s also a degree of schadenfreude in seeing a debt collection agency required to restructure its debts. Generally, Chapter 11 bankruptcies begin with the filing of a petition to the appropriate personal bankruptcy court in the company’s jurisdiction.
Retrieval-Masters/AMCA was running up one hell of an expense!
Let’s begin by talking about just how much money passes through the AMCA each year: “over $1 billion in yearly receivables …”. Clearly, they don’t get to keep all that, however, it’s still a considerable big figure to indicate just how costly this was for the collections agency. The examination into the incident expenses $400,000 and it cost an extra $3.8-million to send all of the required notices to clients. That’s over $4.2-million dollars simply reporting it. That was enough to force Retrieval Masters to leverage most of its existing possessions in order to get a loan that it need to now pay back.
Then you have inbound compliance and regulative charges that will total in the millions, plus there have currently been a set of class action suits submitted. Also, the overall variety of affected customers continues to grow by the day, which in turn beckons a lot more claims. It was enough of an existential hazard that Retrieval-Masters decided to take drastic action.
Let’s look at a few of the other effects from its filing with the Southern District of New York:
Based on the available information, Retrieval-Masters would classify as a small business in the US. Again, we discuss all the time how much more dangerous these kinds of security threats are to SMBs. This is a perfect study case. Don’t let cybersecurity and lack of compliance be your company’s ultimate, but a sudden end.