A massive data breach at Quest Diagnostics has exposed the medical and financial information of as many as 11.9 million patients, according to the laboratory giant.
WHY IT MATTERS
Quest Diagnostics says that one of its outsourced vendors, American Medical Collection Agency, discovered an unauthorized user had gained access to an AMCA system that had was connected data from companies including Quest.
According to AMCA, which does billing collections for Optum360, a Quest contractor, this unauthorized person had access to the network for eight months – between Aug. 1, 2018, and March 30, 2019.
“The system contained sensitive data, including credit card numbers, bank account information, medical information and Social Security numbers,” said Quest officials in a statement. “Lab results were not provided to AMCA and were not exposed in the breach.”
Quest Diagnostics said that while it and Optum360 are working with forensic experts to learn more about the circumstances, “AMCA has not yet provided Quest with complete or detailed information about the breach and it has not been able to verify the accuracy of the information.”
THE LARGER TREND
Even if the number of patients impacted by the Quest Diagnostics incident doesn’t increase, the reported total is already up there with some of the largest-ever breaches in healthcare. In fact, it may be the second-biggest ever.
The reported totals are still smaller than the 79 million records compromised in the record-setting Anthem breach of 2015, but they’re bigger than the Premera Blue Cross and Excellus BlueCross BlueShield breaches (more than 11 million and 10 million, respectively) that also took place that year – and used to hold the 2nd and 3rd spots on the list of healthcare’s biggest breaches.
ON THE RECORD
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” said the lab giant in a statement. “Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.
“Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law,” officials said. “We are committed to keeping our patients, healthcare providers, and all relevant parties informed as we learn more.”
- Content by Mike Miliard, June 3, 2019
- Originally posted at https://www.healthcareitnews.com/news/quest-diagnostics-medical-info-119-million-compromised-breach
- Image credit: Getty Images