Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
USA: 41 State AGs announce $21M settlement against AMCA following data breach
The Pennsylvania Attorney General ('AG'), Josh Shapiro, announced, on 11 March 2021, alongside 41 other state AGs, a $21 million settlement with Retrieval-Masters Creditors Bureau, conducting businesses as the American Medical Collection Agency ('AMCA'), resolving a multi-state investigation into the 2019 data breach that exposed the personal information of over 7 million individuals. In particular, under the terms of the settlement, AMCA and its principals have agreed to implement and maintain a series of data security practices designed to strengthen its information security program and safeguard the personal information of consumers, these include:
- creating and implementing an information security program with detailed requirements, including an incident response plan;
- employing a duly qualified Chief Information Security Officer;
- hiring a Third-Party Assessor to perform an information security assessment; and
- cooperating with the AGs with investigations related to the data breach and maintaining evidence.
As part of the settlement, AMCA may be liable for a $21 million total payment to the states. However, due to AMCA's financial condition, that payment is suspended unless the company violates certain terms of the settlement agreement.
You can read the press release here and the settlement here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
