Dive Brief:
- Clinical laboratory giant LabCorp disclosed Tuesday 7.7 million patients' personal and financial data was exposed during the same data incident rival Quest Diagnostics announced Monday.
- One of LabCorp's billing collections vendors, the American Medical Collection Agency, experienced unauthorized activity on its web payment page between Aug. 1 and March 30. In a Securities and Exchange Commission disclosure, the company said Social Security numbers, insurance identification information and laboratory results were not exposed during the breach.
- Wednesday morning, LabCorp announced CEO David King would be stepping down from his roles as chief executive and president of the company to become executive chairman of the board of directors on Nov. 1.
Dive Insight:
Adam Schechter, the current lead independent director of LabCorp's board and former Merck EVP of global human health, will become the company's new CEO.
King, who served as CEO for almost 13 years, oversaw LabCorp as it tripled in size. He joined the company as its general counsel and chief compliance officer in 2001 after serving as its principal outside legal counsel for several years. The company notched more than $11 billion in revenue during 2018.
"Dave positioned the company as a market leader in both laboratory testing and global drug development, led the company to strong growth over the past decade while navigating significant changes in government healthcare reimbursement policy, and spearheaded the forward-thinking acquisition and integration of Covance," Schechter said in a statement.
LabCorp announced AMCA is in the process of sending notices to 200,000 patients whose credit card or bank account information may have been accessed. Those customers will be offered identity protection and credit monitoring services for 24 months, according to AMCA.
More actions may be taken once LabCorp receives more information about the AMCA data breach, the company said.
"In response to initial notification of the AMCA Incident, LabCorp ceased sending new collection requests to AMCA and stopped AMCA from continuing to work on any pending collection requests involving LabCorp consumers," the SEC notice states.
Last July, LabCorp was the target of a ransomware attack that cost the company $24 million and resulted in it pulling parts of its IT system offline.