Labcorp Agrees to $35 Million Settlement in AMCA Data Breach Litigation

Case Snapshot

  • Court: U.S. District Court for the District of New Jersey
  • Case: In re American Medical Collection Agency, Inc. Customer Data Security Breach Litigation (Labcorp Track), No. 19-MD-2904
  • Decision Date: Settlement Agreement filed March 13, 2026
  • Core Issue: Liability arising from the AMCA cybersecurity breach involving patient and consumer information.
  • Key Allegation: Plaintiffs alleged negligence, breach of contract, and related claims stemming from the exposure of personal information maintained by AMCA.
  • Court Holding: No final ruling on liability. Settlement remains subject to final court approval.
  • Outcome: Proposed $35 million class action settlement fund established for affected individuals.
  • Notable Detail: Eligible class members may seek up to $5,000 in documented losses or an alternative cash payment estimated at $50, plus two years of medical information monitoring.

Laboratory Corporation of America Holdings (Labcorp) has agreed to a $35 million class action settlement to resolve litigation stemming from the 2018-2019 cybersecurity breach at American Medical Collection Agency (AMCA), a third-party medical debt collection vendor that handled accounts on Labcorp’s behalf. The proposed settlement would resolve claims brought by individuals whose personal information was allegedly exposed during the incident, while Labcorp continues to deny wrongdoing or liability.

The settlement marks another significant development in one of the largest healthcare-related data breach cases tied to the accounts receivable management and medical collections industry. 

According to court filings, AMCA notified Labcorp in May 2019 that unauthorized parties had potentially accessed AMCA systems between August 2018 and March 2019. The incident allegedly exposed personal information that Labcorp had provided to AMCA for collection purposes.

Nearly Seven Years of Litigation Lead to Settlement

The proposed agreement was reached after six years of litigation in the multidistrict litigation proceeding pending in the U.S. District Court for the District of New Jersey. Plaintiffs alleged negligence, breach of contract, and other claims related to the handling of personal information transmitted to AMCA. Labcorp denied the allegations and maintained that any alleged damages were not caused by its actions.

Under the settlement, Labcorp will fund a non-reversionary settlement fund totaling $35 million. The agreement specifies that the fund will cover class member benefits, settlement administration costs, attorneys’ fees and expenses, service awards, and other approved costs.

The settlement class includes individuals whose information was transmitted by Labcorp to AMCA and was contained within the systems affected by the cybersecurity incident.

Benefits Available to Class Members

Eligible class members will be able to submit claims for:

  • Up to $5,000 in documented out-of-pocket losses related to the breach.
  • An alternative cash payment estimated at $50 without documentation of losses.
  • Up to two years of medical and healthcare information monitoring services through CyEx Medical Shield Pro.

The settlement benefits may increase or decrease depending on claim participation and the final net settlement fund available after expenses and court-approved awards are deducted.

Medical Shield Pro monitoring services include dark web monitoring, healthcare insurance plan monitoring, medical record monitoring, identity theft insurance coverage up to $1 million, and fraud recovery assistance.

Implications for Medical Collections and Vendor Oversight

Although the settlement does not include an admission of liability, it serves as another reminder of the risks creditors, healthcare providers, and collection agencies face when sharing consumer information with third-party vendors.

The AMCA breach affected multiple healthcare organizations and ultimately contributed to the collection agency’s bankruptcy and closure. The case continues to highlight the importance of vendor due diligence, cybersecurity assessments, data security controls, and ongoing oversight of third-party service providers that handle sensitive consumer and patient information.

For organizations operating within healthcare collections and receivables management, the litigation underscores how data security incidents involving vendors can create significant legal exposure years after the underlying breach occurs.

Published On: June 15th, 2026|By |Categories: Industry News & Announcements|Tags: |

Related Posts

Tennessee Federal Court Sanctions Law Firm Over AI-Generated Court Filings

Tennessee Federal Court Sanctions Law Firm Over AI-Generated Court Filings

June 15th, 2026
Student Loan Default Transfer to Treasury Raises Capacity Questions for Federal Collections

Student Loan Default Transfer to Treasury Raises Capacity Questions for Federal Collections

June 15th, 2026
Dashboard displaying key receivables management metrics including recovery rate, contact rate, promise-to-pay rate, and portfolio performance analytics.
Beyond Collections: Understanding Recovery Rate, Contact Rate, and the Other Metrics

Beyond Collections: Understanding Recovery Rate, Contact Rate, and the Other Metrics

June 15th, 2026

News

Latest News

Regulatory News