Debt collector in health care data hack goes bankrupt
The recent high-profile data breach created “enormous expenses that were beyond the ability of the debtor to bear.”
Retrieval-Masters Creditors Bureau Inc., whose business was blamed for a large-scale data breach that affected millions of Quest Diagnostics Inc. customers, filed for Chapter 11 protection, citing fallout from the security issue.
The company, which collects patient receivables for medical labs under the name American Medical Collection Agency, listed assets and liabilities of as much as $10 million in its bankruptcy petition filed in the Southern District of New York. It’s aiming to liquidate, the company said.
Related: Health care data breaches highlight limits of HIPAA’s vendor oversight
Court documents cited a breach discovered in March that affected millions of people, including customers of Quest Diagnostics and Laboratory Corporation of America. Soon after, Quest, LabCorp, Conduent Inc. and CareCentrix Inc. — American Medical’s four largest clients — stopped doing business with the company, leading to the bankruptcy filing, according to court papers.
A representative for Retrieval-Masters didn’t provide a comment.
Cascading events
The data breach created a “cascade of events” resulting in the bankruptcy filing, Chief Executive Officer Russell H. Fuchs said in a court declaration. It incurred “enormous expenses that were beyond the ability of the debtor to bear,” he said.
Those expenses included more than $3.8 million spent on mailing more than 7 million individual notices to people whose information had been potentially hacked. Fuchs personally lent the company $2.5 million to help pay for those mailings, he said in the declaration. In addition, IT professionals and consultants hired in connection with the breach had cost Retrieval-Masters about $400,000 by the time of the filing.
The Elmsford, New York-based company learned of the breach after receiving notices saying a high number of credit cards tied to its web portal were connected to fraudulent charges, Fuchs said. Quest is facing a lawsuit in California and inquiry in Michigan about the breach.
Retrieval-Masters has slashed staff to 25 from 113 at the end of 2018, according to court papers.
Retrieval-Masters also collects non-medical consumer debt, according to its website. Fuchs founded the company in 1977 and was initially focused on small-dollar debt collections for direct-mail marketers, such as the various book-of-the-month or record clubs that predated the e-commerce boom, before transitioning into patient receivables, the declaration shows.
The case is Retrieval-Masters Creditors Bureau Inc., 19-23185, U.S. Bankruptcy Court for the Southern District of New York (White Plains)
Read more:
- Health care data hacks drawing attention of Congress
- How to reduce cybersecurity risk to employees’ health data
- One year later: The influence of Equifax & other data breaches on corporate culture
Copyright 2019 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.