On June 3, 2019, Quest Diagnostics released a statement saying it encountered a data security breach. The American Medical Collection Agency (AMCA), a billing collections service provider, notified Quest Diagnostics about the breach.
According to Quest Diagnostic’s press release, AMCA first reached out to the company on May 14, 2019. AMCA also notified Optum360.
CBS mentions that Quest works with Optum360 for its billing collections, who in turn outsourced AMCA.
Series of Attacks
This is the second time in three years which affected Quest customers, reports Tech Crunch. The first attack happened in 2016, affecting 34,000 patients.
Other companies affected by credit card skimming and data privacy breach include British Airways, Newegg, and Ticketmaster. Hackers obtained millions of personal information and credit card details.
In a hacking incident targeting healthcare.gov last December 2018, Fortune reports that compromised data came up to 75,000.
Privacy Security Breach
CNBC reports that the AMCA notified Quest and Optum360 due to unauthorized activity on the billing agency’s website. The news site also notes that the system recorded unauthorized user access between August 1, 2018, to March 30, 2019.
Despite these reports, the business states that it has “not been able to verify the accuracy of the information.”
Following this, Tech Crunch states that affected patients by the data privacy breach reach up to 12 million individuals. While lab results remain unexposed by the breach, the compromised records show patients personal records. The records include credit card information, bank account information, medical details, and Social Security numbers.
Plan of Action
The company is “taking the matter seriously and is committed to the privacy and security of our patients’ personal information.” Following the security breach, the medical testing giant stopped sending collection requests.
The press release of Quest Diagnostics mentioned the company is working with Optum360 to help notify affected patients and individuals.
Meanwhile, the American Medical Collection Agency hired a third-party forensics team to investigate the incident. Aside from this, the billing collections agency also upped its security system by migrating its payments portal. AMCA has also advised law enforcement agencies and other industry experts regarding the matter.
The American Medical Collection Agency takes pride in their “system’s security, data privacy, and the protection of personal information.” Following this, the agency representing the AMCA also said that it has conducted internal investigations. It is also working with security experts, reports NBC New York.