Lab testing giant Quest Diagnostics said that the medical, financial and personal information of 11.9 million patients could be compromised due a security lapse by one of the company’s vendors.
According to an SEC filing, Quest Diagnostics was notified by billing company American Medical Collection Agency that an unauthorized user had access to AMCA’s system between August 1, 2018 and March 30, 2019.
ACMA provides billing services to Quest through its Optum360 revenue cycle management contract. Quest was first notified of the breach on May 14 and said it working to verify the information provided by AMCA.
Data on AMCA’s compromised system included financial information like credit card numbers, medical information and personal information like social security numbers.
Importantly, Quest Diagnostic laboratory results were not sent to AMCA and therefore not subject to the breach.
In response, Quest has suspended sending collection requests to AMCA, notified health plans and regulators and is working to investigate the incident with Optum360, AMCA and outside security experts.
“Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page,” AMCA said in a statement.
“We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security.”
Photo: Paul Campbell, Getty Images