About 11.9 Million Quest Diagnostics users can view their financial, medical and other personal information as part of a data breach, the company said on Monday.
In a filing with the SEC, Quest announced last month that a billing system provider, the American Medical Collection Agency, reported on possible unauthorized activities on the online payment page of AMCA. AMCA offers billing services for Optum360, a Quest contractor. An unauthorized user breached into the system between August 1, 2018 and March 30, 2019, Quest said.
The system contains sensitive data, including credit card numbers, medical information, social security numbers, and bank account information, Quest said. The laboratory results were not provided to the AMCA and visible in the infringement. According to the AMCA, around 11.9 Million Quest patients were affected.
AMCA is yet to provide Quest with full or detailed information on the infringement and was unable to verify its accuracy, Quest said.
“Quest takes this issue very seriously and is committed to protecting the privacy and security of our patients’ personal information,” the company said in a statement. “Since we became aware of the AMCA data security incident, we have discontinued the submission of requests to AMCA.” Optum360 and Quest are inspecting the condition with forensic experts, Quest said.
ACMA said in a statement that it investigated an incident of data connecting an unauthorized user had access to its system. The company said that after a security compliance firm in credit card companies informed ACMA of a possible security compromise, it conducted an internal review and removed its web payment page.
ACMA reported that it hired an external law firm to conduct a survey, migrated the portal’s services from an external vendor, and recruited more experts to advise and implement measures to increase disclosure. The company also said it had informed police of the incident.