Quest Diagnostics, the US clinical laboratory was affected by a massive data breach and the information of around 11.9 million patients has potentially been compromised.
The clinical laboratory said that American Medical Collection Agency (AMCA) which is a billing collections provider working with Quest, informed the company that an unauthorized user had managed to obtain access to AMCA systems.
Through the Quest contractor, the unknown person was able to access and potentially steal the patient data including Social Security numbers, medical information, and financial data.
Quest did not disclose what types of financial data have been exposed. However, laboratory test results are believed to have been not compromised.
The unauthorized activity took place on “AMCA’s web payment page,” which may suggest a card skimmer was in play.
The firm was made aware of the breach on May 14, but was unable to verify AMCA’s statement and was also not sure of exactly which patients have been involved. When the firm gets a better understanding of the situation the affected patients will be notified. On being aware of the data breach, AMCA collection requests have been suspended.
The law enforcement has been notified regarding the breach and a third-party cyber forensics firm has been hired to investigate the security incident.
They have migrated their web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement necessary measures to increase the security of the system.