A massive data breach at Quest Diagnostics has exposed the medical and financial information of as many as 11.9 million patients, according to the laboratory giant.
WHY IT MATTERS
Quest Diagnostics says that one of its outsourced vendors, American Medical Collection Agency, discovered unauthorized user had gained access to an AMCA system that had was connected data from companies including Quest.
According to AMCA, which does billing collections for Optum360, a Quest contractor, this unauthorized person had access to the network for eight months – between Aug. 1, 2018, and March 30, 2019.
“The system contained sensitive data, including credit card numbers, bank account information, medical information and Social Security numbers,” said Quest officials in a statement. “Lab results were not provided to AMCA and were not exposed in the breach.”
Quest Diagnostics said that while it and Optum360 are working with forensic experts to learn more about the circumstances, “AMCA has not yet provided Quest with complete or detailed information about the breach and it has not been able to verify the accuracy of the information.”
THE LARGER TREND
Even if the number of patients impacted by the Quest Diagnostics breach doesn’t increase, the reported total is already up there with some of the largest-eve breaches in healthcare.
It’s not quite as big as the 79 million records compromised in the Anthem breach of 2015, but it’s comparable in size to the Premera Blue Cross and Excellus BlueCross BlueShield breaches – more than 11 million and 10 million, respectively – that also took place that year.
ON THE RECORD
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” said the lab giant in a statement. “Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.
“Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law,” officials said. “We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.
Source: Read Full Article