Vertical Markets

Quest Diagnostics Expose Patient Data After Breach

by msecadm4921

On June 3rd 2019, Quest Diagnostics announced that its  billing vendor, American Medical Collection Agency (AMCO), suffered a data breach. The testing company was hit with a first class-action lawsuit on the 12th June, after it was disclosed that nearly 12 million patients data was exposed.

Quest Diagnostics, a Fortune 500 company, are one of the biggest providers of clinical laboratory testing in the Unites States. There is a good chance that if an organisation requires a drugs screening, they will use one of the 2,000 locations spread across the United States. They also have operations in Brazil, Mexico, India and the United Kingdom.

The breach was first reported by AMCA on the 14th May and it is understood that the attackers gained access to the company’s systems in August 2018 through to March 2019. Upon gaining access to the system, the unknown party focused their attack on payment pages, recording personal and payment information. Quest Diagnostics use the third party company, AMCA, to track customers that have outstanding bills. Since learning of the breach, Quest Diagnostics have ceased sending requests to AMCA, and we believe the third party company has arranged a security audit through an outside firm.

Unfortunately for patients, the data breach was a result of inadequate cybersecurity procedures and resulted in their personally identifiable information being stolen. The information taken included credit card numbers, bank account information and in some circumstances, medical information. This breach leaves many of the victims at risk of identity fraud as a result their data being exposed. Quest Diagnostics have been accused of failing to notify patients of the attack and it is rumoured that the lawsuit could seek upwards of $5 million (£3.9 million) in potential damages.

Due to the amount of sensitive data they hold, healthcare companies are extremely susceptible to data breaches. This breach is an example of another high profile company who have fallen the victim to a cyber-attack in a bid to retrieve sensitive information. It is a topic that has been discussed many times before but we cannot stress the importance of having an adequate security protocol.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing