Global Edition
Privacy & Security

Quest Diagnostics: Medical info of 11.9M compromised in breach

The unauthorized access also included Social Security numbers, credit card data and banking information – but not laboratory results, the company said.
By Mike Miliard
June 03, 2019
04:02 PM

A massive data breach at Quest Diagnostics has exposed the medical and financial information of as many as 11.9 million patients, according to the laboratory giant.

WHY IT MATTERS
Quest Diagnostics says that one of its outsourced vendors, American Medical Collection Agency, discovered an unauthorized user had gained access to an AMCA system that was connected to data from companies including Quest.

According to AMCA, which does billing collections for Optum360, a Quest contractor, this unauthorized person had access to the network for eight months – between Aug. 1, 2018, and March 30, 2019.

"The system contained sensitive data, including credit card numbers, bank account information, medical information and Social Security numbers," said Quest officials in a statement. "Lab results were not provided to AMCA and were not exposed in the breach."

Quest Diagnostics said that while it and Optum360 are working with forensic experts to learn more about the circumstances, "AMCA has not yet provided Quest with complete or detailed information about the breach and it has not been able to verify the accuracy of the information."

THE LARGER TREND
Even if the number of patients impacted by the Quest Diagnostics incident doesn't increase, the reported total is already up there with some of the largest-ever breaches in healthcare. In fact, it may be the second-biggest ever.

The reported totals are still smaller than the 79 million records compromised in the record-setting Anthem breach of 2015, but they're bigger than the Premera Blue Cross and Excellus BlueCross BlueShield breaches (more than 11 million and 10 million, respectively) that also took place that year – and used to hold the 2nd and 3rd spots on the list of healthcare's biggest breaches.

ON THE RECORD
"Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information," said the lab giant in a statement. "Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.

"Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law," officials said. "We are committed to keeping our patients, healthcare providers, and all relevant parties informed as we learn more."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Healthcare IT News is a publication of HIMSS Media.

Topics: 
Data Warehousing, Network Infrastructure, Privacy & Security

More regional news

Man with backpack on mobile device

A roadmap for designing more inclusive health chatbots

By
Andrea Fox
May 03, 2024
HIMSSCast logo

HIMSSCast: How to get more value from your EHR system

By
Bill Siwicki
May 03, 2024
Researcher at screen

NVIDIA integrates its AI microservices with AWS

By
Nathan Eddy
May 03, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Man with backpack on mobile device
A roadmap for designing more inclusive health chatbots

Most Read

How the Change Healthcare cyberattack is straining providers, and what the government can do
HHS response to cash flow concerns from Change cyberattack inadequate, providers say
After Change Healthcare, more effort needed to avoid cyberattack chain reactions
HIMSSCast: Web apps are ubiquitous in healthcare – and come with vulnerabilities
Change Healthcare begins to restore service after cyberattack – as lawsuits begin
HHS sends letter to healthcare leaders on Change cyberattack

Research

White Papers

More Whitepapers

Compliance & Legal
Artificial Intelligence
Analytics

Webinars

More Webinars

Privacy & Security
Artificial Intelligence
Analytics

Video

Christopher Falkner at Sodexo_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Making a career of medical device interoperability and security
Jessica Skopac at MITRE_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How MITRE helps break the silos of healthcare and technology
Emily Barey at Epic_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Saying 'yes' to the possibilities of a health IT career
Abigail Norville at the Netherlands Ministry of Health_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How the Dutch health ministry takes innovation inspiration from other nations

More Stories

Dr. Guido Giunti at Trinity College Dublin_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
Novel digital therapeutics for MS empower patients
Walmart store
Walmart announces closing of clinics and virtual care
Hacker with glasses and hat looking at two screens with data and code
Ransomware was used in 72% of network intrusions last year, says BakerHostetler
Amanda Bury, chief commercial officer at Infermedica
Telemedicine, enabled with responsible AI, can improve the patient experience
Kendall Brown at CenTrak_Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
How HIMSS membership can grow healthcare careers
Nurse using tablet
To get stronger AI buy-in from wary nurses, start with automation
Ellen Arigorat at NewYork-Presbyterian Hospital Palm trees and skyscrapers in Orlando Photo by Gabriele Maltinti/iStock/Getty Images Plus
HIMSS Changemaker champions Filipino-American health literacy
Doctors review practice finances
LLMs are not ready to automate clinical coding, says Mount Sinai study