Quest Diagnostics discloses breach of 11.9 million patient records

Henrietta Brewer
June 3, 2019

Quest Diagnostics on Monday said almost 12 million of its patients have had personal data exposed as a result of a cybersecurity incident at a billing collections vendor.

A billing collections vendor notified Quest Diagnostics of the discovery of "unauthorized activity" on its online payment page.

"Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information". Quest Diagnostics said it has stopped using AMCA since learning of the incident.

A billing collections provider, which handles data for Quest, says someone was able to access their system with personal information in it. On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA's affected system included information regarding approximately 11.9 million Quest patients.

A collections agency called American Medical Collection Agency notified Quest about a potential intrusion on May 14 and then reported on the scope of the breach on Friday.

Quest Diagnostics' laboratory test results were not provided to the vendor, AMCA, and were not compromised by the incident.

Credit card numbers, bank account information, medical information, and Social Security numbers may have been exposed, the company said in a filing on Monday.

Other reports by iNewsToday