The personal data of more than 20 million Maryland residents may have been stolen. 

Maryland Attorney General Brian Frosh is issuing a warning to Marylanders about their personal patient data. Recent cyber attacks against the American Medical Collection Agency could have resulted in the seizure of personal information of more than 20 million Maryland residents. The attacks took place between August 1, 2018, and March 30, 2019. The attorney general is recommending consumers check their credit and take the proper precautions if they believe they could be affected.

American Medical Collection Agency is a third-party group that collects payments for doctor groups, hospitals, laboratories, providers, and other medical related businesses. Businesses on the known impacted list include:

  • Quest Diagnostics -11.9 million patients
  • LabCorp: 7.7 - million patients
  • BioReference Laboratories - 422,600 patients
  • Carecentrix - 500,000 patients
  • Sunrise Laboratories - unknown

The types of information taken in the breach include name, date of birth, phone number, address, date of service, balance information, provider, credit card information, bank account information, Social Security number, and the type of lab test performed. As data breaches and cyber attacks become more common, the attorney general is warning Marylanders to safeguard their personal information.

Guard your credit information.

“Massive data breaches like the one experienced by the AMCA are extremely alarming, especially considering the likelihood that personal, financial, and medical information may now be in the hands of thieves and scammers,” said Attorney General Frosh. “I strongly urge consumers to take steps to ensure that their information and personal identity is protected.”

A law called the Maryland Personal Information Protection Act (PIPA) requires businesses to notify consumers when their personal information has been compromised. The AMCA has begun mailing notices to patients affected by this breach.

If you have been affected by this or another data breach, you should immediately take action by getting a free credit report at, putting a fraud alert or security freeze on your credit, and using two-factor authentication whenever possible. Visit the Maryland Attorney General’s Identity Theft page for help in protecting you and your children’s personal information.