Personal information of 11.9 million Quest Diagnostics patients breached
The web payment page of the American Medical Collection Agency, or AMCA — a billing collections service provider — experienced potential unauthorized activity by an unknown user, resulting in a breach of personal information of approximately 11.9 million Quest Diagnostics patients, according to a press release.
Quest develops diagnostic tests for infectious diseases. In 2013, they partnered with the CDC to improve hepatitis C screening in baby boomers. In 2016, the company released a Zika antibody test that was developed and licensed by the CDC, and they also launched a testing service in 2017 to evaluate patients’ responses to hepatitis B virus therapies.
The data breach involves three companies: Quest, Optum360 and the AMCA. Optum360 is a Quest contractor for which the AMCA provides billing collection services, and on May 14, the AMCA notified Quest and Optum 360 of potential unauthorized activity on the AMCA’s website. On May 31, it was confirmed that the data breach affected the personal information of approximately 11.9 million Quest patients.
According to the press release, the exposed personal information possibly includes certain financial data, Social Security numbers and medical information. However, the AMCA does not believe laboratory test results were violated.
Quest and Optum360 are still waiting on “detailed and complete information” from the AMCA about the security breach, and it is still not clear “which information of which individuals may have been affected,” according to the release.
Infectious Disease News reached out to Quest for comment and was referred to the company’s press release.
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to [the] AMCA,” the company said in a release. “Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law. We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.”