Nearly 12 million Quest Diagnostics patients may be affected in data breach

A collection firm that worked with Quest Diagnostics informed the medical testing company that the data of 11.9 million patients may have been affected in a breach.

American Medical Collection Agency (AMCA), a billing collections service provider, reported that "an unauthorized user had access to AMCA's system containing personal information AMCA received from various entities, including from Quest."

Forensic experts are said to be investigating the breach.

AMCA first notified Quest and company Optum360 on May 14, 2019, of potential unauthorized activity on AMCA's web payment page.

On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA's affected system included information regarding approximately 11.9 million Quest patients.

AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results.

Quest reports that AMCA has not yet provided them or Optum360 detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected.

Quest also said in a statement that they have "not been able to verify the accuracy of the information received from AMCA."

The statement continued:

"Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.

Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law.

We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more."

Experts suggest protecting yourself by changing your passwords, opening a separate credit card for making online transactions including making appointments. Also limit the information you put online to only what is absolutely needed and avoid saving credit card information online.

Quest Diagnostics Full Statement:

American Medical Collection Agency (AMCA), a billing collections service provider, has informed Quest Diagnostics that an unauthorized user had access to AMCA's system containing personal information AMCA received from various entities, including from Quest. AMCA provides billing collections services to Optum360, which in turn is a Quest contractor. Quest and Optum360 are working with forensic experts to investigate the matter.

AMCA first notified Quest and Optum360 on May 14, 2019 of potential unauthorized activity on AMCA's web payment page. On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA's affected system included information regarding approximately 11.9 million Quest patients. AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results.

AMCA has not yet provided Quest or Optum360 detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected. And Quest has not been able to verify the accuracy of the information received from AMCA.

Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.

Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law.

We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.