Quest Diagnostics Hackers Take Data from Thousands in MA, and 12 Million in Total
Quest Diagnostics, America’s leading provider for blood testing, announced Monday morning that the personal information of approximately 12 million customers may have been compromised. Between August 1, 2018, and March 30, 2019, personal, financial, and medical information was allegedly obtained by an unauthorized user that had access to AMCA. AMCA, better known as the American Medical Collection Agency, is a billing collections vendor of Quest Diagnostics. While the investigation is ongoing, Quest says that the laboratory test results of patients were not thought to be compromised.
In a filing to the Securities Exchange Commission, Quest Diagnostics stated, “(The) information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers).” Blood and lab testing results were not accessed by said unauthorized user, who is yet to be identified. Any further information has not reached Quest Diagnostics regarding the breach yet.
AMCA first informed Quest of the breach on May 14th. On May 31, Quest was told of the scope of the problem - roughly 11.9 million customers who may have been affected by the breach. The filing by Quest stated, “Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.” As of yet, AMCA has not shared the identities of those whose information is believed to be compromised, and Quest has not verified AMCA's claims.
Currently, Quest Diagnostics is cutting off collection requests with the American Medical Collection Agency until further notice. All health plans involved in the breach are being notified and updated accordingly.