Burlington, N.C.-based Laboratory Corp. of America Holdings said unauthorized activity exposed data from nearly 7.7 million consumers.
The data may include personal and financial information, but not laboratory results, Social Security numbers and insurance identification, the company said in a Form 8-K filing.
The information was collected by a LabCorp contractor that provides billing collections services called the American Medical Collection Agency. The unauthorized activity occurred on AMCA's web payment page.
The collection agency is investigating the data breach that occurred between Aug. 1, 2018, and March 30, and has taken steps to increase the security of its systems, processes and data.
AMCA is notifying about 200,000 LabCorp consumers whose credit card or bank account information may have been accessed.
Healthcare services provider LabCorp has ceased collection requests to AMCA, and asked the agency to suspend work on any pending collection requests from the company's consumers.
This is the second time in recent days that AMCA has been implicated in a data breach. On June 3, Quest Diagnostic Inc. also suspended collections requests to the service provider after a data breach exposed about 11.9 million patients.