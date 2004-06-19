from the indecent-exposure dept.
Billing Details for 11.9M Quest Diagnostics Clients Exposed
Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.
The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.
According to its website, AMCA is "managing over $1BN in annual receivables for a diverse client base" and it is the "leading recovery agency for patient collection," servicing "laboratories, hospitals, physician groups, billing services, and medical providers all across the country."
As detailed in the SEC notification from Quest Diagnostics, AMCA informed the company that "between August 1, 2018 and March 30, 2019 an unauthorized user had access to AMCA’s system that contained information that AMCA had received from various entities, including Quest Diagnostics, and information that AMCA collected itself."
Quest Diagnostics states that it took the following measures after being informed of the incident:
• suspended sending collection requests to AMCA;
• provided notifications to affected health plans and will ensure that notification is provided to regulators and others as required by federal and state law; and
• been working and will continue to work diligently, along with Optum360, AMCA and outside security experts, to investigate the AMCA data security incident and its potential impact on Quest Diagnostics and its patients.
The notification also says that the information that could be accessed during the security breach includes financial information such as bank account data and credit card numbers, as well as medical and personal information like Social Security Numbers.
"As of May 31, 2019, AMCA believes that the number of Quest Diagnostics patients whose information was contained on AMCA’s affected system was approximately 11.9 million people," also says the SEC notification.
Quest Diagnostics said that it has not been able to confirm the accuracy of the info received from AMCA, and that no laboratory test results were impacted by the security incident since they were not provided to AMCA.