Quest Diagnostics, one of the biggest blood testing providers in the country, admits nearly 12 million patients’ financial and medical data may have been breached between Aug. 1, 2018 – March 30, 2019.
Quest announced it believes someone gained unauthorized access to the systems of the American Medical Collection Agency, which is its billing collections vendor.
“Information on AMCA’s affected system included financial information (such as credit card numbers and bank account information), medical information and other personal information (such as Social Security numbers),” Quest said in a filing.
The company also said it has insurance coverage in place for potential liabilities and costs related to the breach, however, it is limited in the amount and subject to a deductible.
“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information,” the company stated.
In response to the incident, Quest says they have suspended sending collection requests to AMCA, provided notifications to affected health plans and will ensure that notification is provided to regulators and others as required by federal and state law, and they have been working with outside security experts to investigate the incident and its potential impact on Quest and its patients.
The information on AMCA’s systems included medical information and financial information, but AMCA had nothing to do with laboratory tests and, therefore, the tests were not impacted by the breach.