Quest Diagnostics says almost 12 million people could have been affected by a data breach that includes their personal information, certain financial data, Social Security numbers and medical information.
According to a Securities and Exchange Commission filing known as an 8-K, the vendor, American Medical Collection Agency, told Quest that hackers had access to its system from August 1, 2018 to March 20, 2019.
Quest said patients impacted by the data breach will be notified.
Since learning of the AMCA data security incident, Quest Diagnostics has suspended sending collection requests to AMCA.
AMCA provides billing collection services to Optum360, which is a Quest contractor.More news: How To Watch Apple's WWDC 2019 Keynote Live In Australia
More news: Second seed Pliskova knocked out of French Open
More news: FedEx under investigation by China as Huawei alleges parcel interference
Credit card numbers, bank account information, medical information, and Social Security numbers may have been exposed, the company said in a filing on Monday. AMCA and Optum360 did not immediately respond to a request for comment from CNN Business.
Quest will be working with Optum360 to ensure patients are appropriately notified.
Quest provides lab testing services to about half of the doctors and hospitals in the USA, according to securities filings.
It also said that AMCA has not provided "detailed or complete information" about the hack, including which customers might have been affected.