The parent company of AMCA, the organisation whose Data was breached, filed for Bankruptcy
In our post on 25 June 2019 titled 'Why managing cyber risks along the supply chain is critical for large organisations', we quoted a report which mentioned that the personal health data of millions of patients belonging to Quest Diagnostics and Labcorp were exposed by a debt collection agency, AMCA who handles collections from patients on behalf of these 2 healthcare organisations.
Apparently post the revealing of the breach, many clients cancelled their relationship with AMCA effectively shutting off the company’s source of income. AMCA incurred more than $4 million in fees and expenses associated with the breach. As it doesn't have enough liquidity, AMCA took a $2.5 mil loan to cover the fees and expenses. AMCA also has to reduce its headcount from 113 prior to the breach to just 25 staff.
Last week, the parent company of AMCA, Retrieval-Masters Creditors Bureau Inc. filed for Chapter 11 bankruptcy protection in the US. The protection is mainly to allow AMCA some breathing room to appropriately evaluate its pool of remaining assets and liabilities, cost effectively respond to regulatory demands, and ultimately, to wind-up of its business in an orderly fashion through a liquidation process.
We hope organisations in Malaysia do take note of this development and not to disregard cyber risks lightly. A breach like what happened to AMCA resulted in 100+ people losing their jobs, millions of individuals potentially exposed to ransomware against them individually and the closure of the business. The bankruptcy protection is not the end of the story for AMCA as authorities in the US are investigating the cause and possibly the owners of AMCA for negligence.