A medical testing lab has announced that the records of 11.9 million customers may have been compromised by hackers.
The testing lab, Quest Diagnostics, revealed that the servers of its billing collections vendor AMCA were breached by an “unauthorized user” who was accessing the files from August 2018 to March 2019. A recent securities filing from Quest said that the breach may have compromised data such as customers’ financial information (credit card numbers, bank account information), medical information, and other personal data (such as Social Security numbers).
Quest said that it had been unable to get the full story on the breach from AMCA for almost three weeks after learning of the cyberattack, RT USA News reported. The lab only learned of the hack after cybersecurity firm Gemini Advisory announced on May 10 that it had found credit card information for about 200,000 individuals. According to Gemini, the credit card information appeared to come from AMCA, and was put on sale on the dark web.
The lab assured shareholders in its securities filing that the collections agency did not have access to patients’ actual test results. Only “broad” medical information could have been stolen, Quest explained.
Quest added in its securities filing that it has “suspended sending collection requests to AMCA.” However, the lab added that it was unable to verify the accuracy of the information received from the collections agency.
This is not the first time Quest Diagnostics has been hacked, RT USA News noted. In 2016, 34,000 patients’ personal and medical information – which includes lab results – were stolen.