Get Permission
A coalition of 41 state attorneys general has reached a settlement with American Medical Collection Agency in the wake of a 2018 data breach that compromised the personal and health data of 21 million individuals and pushed the company to file for bankruptcy.
Under the settlement, Elmsford, New York-based AMCA has agreed to implement data security practices, including developing and implementing an incident response plan, employing a CISO, and hiring a third-party assessor to perform an information security assessment.
As part of the agreement, AMCA may also be liable for a $21 million payment to the states if the company violates the injunctive terms of the agreement. Because of AMCA’s financial condition, however, the payment will be suspended if no violation occurs, the NY attorney general s statement notes.