Lab Testing Giant Quest Diagnostics Says Data Breach May Have Hit Nearly 12 Million Patients


Clinical lab testing titan Quest Diagnostics acknowledged in a press release on Monday that an “unauthorised user” had gained access to personal information on around 11.9 million customers, including some financial and medical data.

Per NBC News, news of the breach comes by way of a Securities and Exchange Commission filing in which Quest wrote that American Medical Collection Agency (AMCA), which provides billing collection services to Quest contractor Optum360, had notified it of the breach in mid-May. NBC wrote that Quest said AMCA’s web payments page had possibly been compromised from Aug. 1, 2018 to March 30, 2019.

In its statement, Quest wrote that compromised information could include “certain financial data,” Social Security numbers, and some medical material—but not the results of laboratory tests on patients. It also wrote the extent of the breach remained unclear:

AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results.

AMCA has not yet provided Quest or Optum360 detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected. And Quest has not been able to verify the accuracy of the information received from AMCA.

Quest added that it had “suspended” sending collections requests to AMCA. According to the Wall Street Journal, a spokesperson for Optum360 parent company UnitedHealth said their Optum360 systems were unaffected by the breach.

A firm representing AMCA issued a statement to NBC New York stating that AMCA had launched an internal investigation after being notified of a potential breach by a “compliance firm that works with credit card companies.”

That firm also wrote that AMCA had hired an “external forensics” company to investigate the breach, brought on a third-party vendor to manage its web payments system, “retained additional experts,” and notified law enforcement of the incident.

Major data breaches are widely believed by security experts to be growing in both number and severity, with systems tied to the health care industry among the prime targets.

“Hackers target financial companies, like this billing collection company, as they often store sensitive financial information that can be turned into immediate gains,” Giovanni Vigna, co-founder of security firm Lastline, told the Washington Post.

“This kind of information is much more lucrative than personal health information that, at the moment, is not readily marketable by criminals.”

In May, federal prosecutors charged two individuals in connection with a breach at health insurance provider Anthem and other companies in 2014 that reportedly impacted some 78 million people. Prosecutors wrote in the indictment that the hackers had conspired to use the data to commit wire fraud.

In other incidents, sensitive medical documents or related information have reportedly simply been left sitting on unprotected servers.

Notable examples include a Healthcare.gov portal in 2018 that may have exposed sensitive, but non-medical, data on up to 75,000 people.

