Billing Details for 11.9M Quest Diagnostics Clients Exposed
Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.
The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.
According to its website, AMCA is "managing over $1BN in annual receivables for a diverse client base" and it is the "leading recovery agency for patient collection," servicing "laboratories, hospitals, physician groups, billing services, and medical providers all across the country."
As detailed in the SEC notification from Quest Diagnostics, AMCA informed the company that "between August 1, 2018 and March 30, 2019 an unauthorized user had access to AMCA’s system that contained information that AMCA had received from various entities, including Quest Diagnostics, and information that AMCA collected itself."
Quest Diagnostics states that it took the following measures after being informed of the incident:
• suspended sending collection requests to AMCA;
• provided notifications to affected health plans and will ensure that notification is provided to regulators and others as required by federal and state law; and
• been working and will continue to work diligently, along with Optum360, AMCA and outside security experts, to investigate the AMCA data security incident and its potential impact on Quest Diagnostics and its patients.The notification also says that the information that could be accessed during the security breach includes financial information such as bank account data and credit card numbers, as well as medical and personal information like Social Security Numbers.
"As of May 31, 2019, AMCA believes that the number of Quest Diagnostics patients whose information was contained on AMCA’s affected system was approximately 11.9 million people," also says the SEC notification.
Quest Diagnostics said that it has not been able to confirm the accuracy of the info received from AMCA, and that no laboratory test results were impacted by the security incident since they were not provided to AMCA.
Related Stories
Submitted via IRC for SoyCow4463
A security breach at a billing company has resulted in nearly 20 million patients of LabCorp and Quest Diagnostics getting their information stolen from them. The breach was first disclosed Monday by Quest Diagnostics, which reported in a Securities and Exchange Commission filing that a breach at third-party collections vendor American Medical Collection Agency (AMCA) compromised 11.9 million customers. Today, LabCorp indicated that 7.7 million of its patients were also affected by the AMCA breach.
The attack targeted at AMCA's website is just the latest in a series of breaches that have managed to skim personal information from major companies. Similar attacks hit British Airways, Ticketmaster and Newegg late last year.
Source: https://www.engadget.com/2019/06/05/quest-diagnostics-labcorp-amca-data-breach/
Previously: Billing Details for 11.9M Quest Diagnostics Clients Exposed
(Score: 0) by Anonymous Coward on Wednesday June 05 2019, @02:22PM
This went on for eight months? Wow ... maybe their network security needs a diagnosis from Quest Diagnostics.
(Score: 1) by Snort on Wednesday June 05 2019, @04:22PM (1 child)
at a Quest lab. Did not know it included a free medical data dump.
(Score: 1, Insightful) by Anonymous Coward on Wednesday June 05 2019, @04:32PM
It's not really free. You'll end up paying in time, inconvenience, frustration and/or money. On the plus side your cholesterol looks good (at least that's what I read in the dark web forums).
(Score: 2) by urza9814 on Wednesday June 05 2019, @06:59PM (1 child)
Notice that it doesn't mention anything about actually informing the victims who may have had their information stolen....
(Score: 0) by Anonymous Coward on Wednesday June 05 2019, @08:33PM
I'm sure they'll just include it as a line item in the test results.
Code: SOL - Your personal information, including this EOB, has been accessed by unauthorized 3rd parties who may use it for their own personal gain and to the detriment of, but not limited to, your privacy and credit worthiness. This service was not covered by your insurance.