Quest Diagnostics and LabCorp, medical testing companies, have confirmed a major data breach. Reports are that the breach may have been the fault of third-party billing company American Medical Collection Agency. As many as 12 million Quest patients and another 8 million LabCorp patients arre affected.
As one of the largest medical collection agencies AMCA serves clinical laboratories, hospitals and physician groups.
According to LabCorp, AMCA’s affected system contained information provided by LabCorp that includes clients’ names, dates of birth, addresses, phone numbers, dates of service, healthcare providers and account balance information.
LabCorp noted that no patient lab test information, Social Security numbers or insurance identification was exposed. AMCA informed LabCorp that it is notifying some 200,000 LabCorp consumers whose credit card or bank account information may have been compremised.
According to a filing with the Securities and Exchange Commission the breach resulted from malicious activity on the payment pages of American Medical Collection Agency. The breach resulted in the theft of credit card numbers, medical and personal data by an “unauthorized user.”
According to Quest the breach dates back nearly a year to August 1, 2018 through March 30, 2019. Quest, stated that it has “not been able to verify the accuracy of the information” from the AMCA.
Quest has ceased sending collection requests to the vendor during the investigation and has hired outside security experts to determine the extent of the damage. The company also said that it “has insurance coverage in place for certain potential liabilities and costs relating to the incident; this insurance is limited in amount and subject to a deductible.”
Jennifer Kain, a spokesperson for AMCA, said in a statement, provided by a crisis communications firm, that it was “investigating” the breach.
This is second data breach to hit Quest in three years. A 2016 breach the lost the data of 34,000 patients stolen by hackers.
