Quest Diagnostics: 11.9 million patients’ information exposed in data breach
About 11.9 million Quest Diagnostics patients may have had their financial, medical and other personal information exposed in a data breach, the company said Monday.
In a filing with the Securities and Exchange Commission, Quest said a billing collections vendor, American Medical Collection Agency, notified it last month of potential unauthorized activity on AMCA’s web payment page. AMCA provides billing collections services to Optum360, which is a Quest contractor. An unauthorized user had access to the system between Aug. 1, 2018, and March 30, 2019, Quest said.
The system contained sensitive data, including credit card numbers, bank account information, medical information and Social Security numbers, Quest said. Lab results were not provided to AMCA and were not exposed in the breach. AMCA thinks 11.9 million Quest patients were affected as of May 31, 2019, Quest said.
AMCA has not yet provided Quest with complete or detailed information about the breach and it has not been able to verify the accuracy of the information, Quest said.
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” the company said in a press release. “Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.” Quest and Optum360 are investigating the situation with forensic experts, Quest said.
ACMA in a statement to CNBC said it’s “investigating a data incident involving an unauthorized user” accessing its system. The company said that after a security compliance firm that works with credit card companies alerted ACMA of a possible security compromise, ACMA conducted an internal review and took down its web payments page.
ACMA said it hired a third-party external forensics firm to investigate, migrated its web payments portal services to a third-party vendor, and hired more experts to advise and implement steps to increase its systems’ security. The company said it also advised law enforcement of the incident.
The company added, “We remain committed to our system’s security, data privacy, and the protection of personal information.”
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise