Labcorp settled a data breach class action for $35 million. The case highlights ongoing third-party vendor risk in healthcare.
Laboratory Corporation of America Holdings, known as Labcorp, agreed to pay $35 million to settle a class action lawsuit over a data breach that may have exposed personal information of up to 7.7 million patients. The proposed settlement covers people whose data was transmitted by Labcorp to American Medical Collection Agency, or AMCA, between August 2018 and March 2019.
The breach hit AMCA's computer systems, not Labcorp's own network. Labcorp faces the cost of resolving claims that it failed to safeguard patient data passed to a third party for collections. The company denies wrongdoing and says the settlement is not an admission of liability.
Class members can file for documented out-of-pocket losses up to $5,000 per person. Those without receipts can claim an alternative cash payment estimated at $50. The settlement also offers two years of medical and healthcare information monitoring services through CyEx Medical Shield Pro.
The $35 million fund will also cover notice and administration costs, attorneys' fees, service awards, and taxes. The court still needs to grant final approval.
The breach was discovered in 2019. Litigation has taken years to reach a settlement framework. Labcorp has already absorbed legal costs and reputational damage. A final settlement would remove the overhang of an uncertain jury award or further discovery. If the court rejects the settlement or if opt-outs are high, Labcorp could face additional expense and exposure.
For shareholders, the headline number is manageable against Labcorp's revenue base. The company reported $12.2 billion in revenue in 2024. A $35 million payout plus fees is a rounding error. The breach exposed a vulnerability in third-party vendor management. Regulators have increased scrutiny of how healthcare firms handle vendor data security since the AMCA incident. A future incident with a tighter link to Labcorp's own systems could carry much higher costs.
The settlement website is live. Class members have a window to file claims. The exact deadline has not been set. Investors will watch for any signs that the plaintiff pool is large enough to trigger additional litigation or regulatory follow-up.
The resolution does not fix the underlying exposure: third-party data-sharing risk. Companies in diagnostics and healthcare remain vulnerable to breaches at billing and collections vendors. The AMCA breach affected Labcorp. It also affected Quest Diagnostics and other labs. No industry-wide standard requires vendors to carry breach insurance or certify security controls. No federal or state enforcement action has been announced against Labcorp over the AMCA breach.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.