Quest Diagnostics Discloses Data Breach that May Have Exposed the Personal Information of Nearly 12 Million Patients
In a recent filing with the U.S. Securities and Exchange Commission, Quest Diagnostics disclosed that nearly 12 million patients may have had their personal and financial data exposed as a result of a breach that occurred through its billing collection vendor, American Medical Collection Agency. On May 14, 2019, AMCA informed Quest that it identified “potential unauthorized activity” on its web payment page that allowed an “unauthorized user” to gain access to millions of social security numbers, credit card numbers, bank account information and other sensitive data between August 1, 2018 and March 30, 2019 according to the filing. While no laboratory test results were exposed because Quest does not provide that data to AMCA, this breach sheds light on the fact that data held by medical companies is becoming an increasingly common target for cybercriminals. Although Quest reported that it has not yet been able to verify the accuracy of the information received from AMCA since the investigation is on-going, Quest has since suspended sending any further collection requests to AMCA out of an abundance of caution. Be Proactive: Monitor & Vet For patients of Quest that are concerned about their own information:
For business owners that are similarly concerned about their own stores of user and customer information, the Quest breach is a stark reminder to make sure that the proper safeguards to protect user and customer information are being implemented. Additionally, outside vendors and contractors that will have access to user data should be properly vetted to ensure that they have the appropriate security in place to protect user data. The Quest breach is yet another in the long-line of significant data breaches that the citizens of our country have endured. Unfortunately, these breaches will continue to occur – thus obligating both businesses and consumers to guard personal information in the most effective manner possible. |