(Reuters) - Opko Health Inc said on Thursday it was notified by its former billing collections vendor about unauthorized access to information on about 422,600 customers, making it the third healthcare company to be affected by the incident.

American Medical Collection Agency (AMCA) informed Opko Health that the compromised data may include credit card and bank account information, email addresses and other data such as address, phone number and balance information.

However, the company said no social security numbers, bank account passwords or security questions were compromised in the unauthorized activity that occurred between August 1, 2018 and March 30, 2019.

Earlier this week, rivals Quest Diagnostics Inc and Laboratory Corporation of America Holdings also announced that they were apprised of unauthorized access to their customer data stored on AMCA system.

The data breach is estimated to have affected about 11.9 million customers of Quest Diagnostics and about 7.7 million of LabCorp.

AMCA said in an emailed statement it is investigating the incident and has also hired an external forensics firm. Meanwhile, the company has migrated its web payments services to a third-party vendor.

The company told Opko Health it was notifying state attorneys general and other state agencies and nearly 6,600 customers that availed Opko’s testing services and whose credit card or bank account details were stored in AMCA’s affected system.

Shares of Opko were down 1.5% at $1.92 in afternoon trading.

Opko Health said it has not yet received the list of affected customers and had not been able to verify the accuracy of the information received from AMCA.

Opko Health said its affected unit, BioReference Laboratories Inc, suspended collection requests to AMCA since October last year, and has asked the vendor to stop working on any pending collection requests involving the company’s customers.