Quest Diagnostics, a major provider of medical testing services, is notifying customers that some of their important personal data may have been compromised in a recently discovered breach.
The data breach reportedly occurred at one of Quest’s vendors, American Medical Collection Agency (AMCA). AMCA reported to Quest that unauthorized users gained access to internal network systems, and nearly 12 million Quest patients may have been affected.
According to Quest, Social Security numbers, financial information, and medical information may have been exposed. Quest said that the data that was breached did not include laboratory test results.
“AMCA first notified Quest and Optum360 on May 14, 2019 of potential unauthorized activity on AMCA’s web payment page,” Quest said in a statement. “On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA’s affected system included information regarding approximately 11.9 million Quest patients.”
Quest said its vendor has not yet provided it with detailed or complete information about the incident. Because of that, Quest said it has not been able to specifically determine which patients’ records have been compromised.
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” the company said. “Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.”
First disclosed to the Securities and Exchange Commission
According to NBC News, the data breach was first disclosed in a Securities and Exchange Commission (SEC) filing. The breached system was for billing, so it contained patients’ financial records.
With data breaches becoming more common, it’s easy for consumers to become less concerned about them. That’s a big mistake, according to the Identity Theft Resource Center (ITRC), a non-profit based in San Diego.
“Unfortunately, far too many consumers do not check up on these kinds of attacks until it is too late,” the group said on its blog. “Even then, many victims of data breaches do not follow up on the support that notification letters offer, including things like identity theft protection or credit monitoring.”
ITRC has partnered with Futurion to produce a free tool called Breach Clarity that helps users assess their personal threat from a breach. You can find more information here.