Breach at billing collection agency hits LabCorp, Quest Diagnostics patients


On Monday 3 June, Quest Diagnostics gave a press release stating almost 12 million of its customers' personal data had been accessed by an "unauthorized user".

On May 31, 2019, AMCA notified Quest and Optum360 that the data on AMCA's affected system included information regarding approximately 11.9 million Quest patients.

The information was provided by a Securities and Exchange Commission filing that Quest made to the American Medical Collection Agency (AMCA). The data includes financial data, Social Security numbers and medical information.

Please describe the resources that Quest Diagnostics dedicates to information and data security. Even though the happening of the breach did not take place at Quest Diagnostics, AMCA is the service provider to the Optum360, which provides the payment services in return to the Quest Diagnostics, Bost stated.

What new processes will Quest Diagnostics implement to better monitor the information and data security of the companies to which it outsources patient information? It also said it is providing two years of credit monitoring to anyone whose Social Security number or credit card account was compromised.

More news: Braves reach a one-year deal with Dallas Keuchel
More news: OH doctor charged with 25 counts of murder in opioid deaths
More news: US Services Sector Spike Gives Temporary Boost To Slowing Economy

In an emailed statement Monday, AMCA said it was taking steps to increase the security of its systems, including migrating its web payment portal services to a third-party vendor. AMCA told LabCorp that it was in the process of notifying those patients.

Forensic experts are said to be investigating the breach. Warner pointed to apparent gaps in oversight, expressed concern about the impact of cyber-attacks on the health care sector, and conveyed his desire to work alongside stakeholders to develop strategies that strengthen information security.

It also said that AMCA has not provided "detailed or complete information" about the hack, including which customers might have been affected.

The largest hack involving medical data occurred in 2014, when hackers infiltrated the servers of the health insurance company Anthem, compromising the personal information of 79 million people.