Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

12 Million Quest Diagnostic Patients Exposed in Third Party Breach

Date: 06/03/2019

This is an emerging data breach incident – this information will be updated as ITRC receives more information. Last update: 06/07/19 10:30 am

Quest Diagnostics is one of the United States’ premier providers of medical testing. They are notifying customers who may be at risk because a third party vendor, American Medical Collection Agency (AMCA), was breached. AMCA reported to Quest that unauthorized users gained access to internal systems. Around 11.9 million Quest patients have potentially been affected, although the company is working to verify that number and patient risk. 200,000 payment cards been previouly found for sale on a well-known dark web market (by Gemini Advisory) and GA linked the cards to AMCA. 15% of the records included additional PII such as: DOB, SSN, and physical addresses.

The information exposed includes Social Security numbers, financial information and medical information. Quest reported that the information breached did not include laboratory test results.

We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system,” reads a written statement attributed to the AMCA. “Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page.”

“We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information.”

Quest also noted that since being notified of the breach, the company has stopped new requests to AMCA and are working to notify patients affected in accordance with the law. AMCA is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card data or bank account information may have been accessed. These individuals have been offered 2 years of credit monitoring and identity theft protection services.

AMCA provides billing collections services to a company called Optum360, whom is a contractor with Quest Diagnostics. Quest Diagnostics is the only company to make a public notification of being affected by the breach, but there is a chance other companies who work with AMCA could also be associated. The trend of third-party breaches is on the rise as hackers target large databases of vendors who work with sensitive information.

Breach Clarity – the new tool developed to help consumers make sense of their risk when it comes to data breach – can help victims of this breach understand their risk of additional exposure. The tool updates its risk score as new, more detailed information is made publicly available. Breach Clarity will guide consumers on their best course of action given the current information – please check it regularly to understand the updated risk assessment and minimization plans.

While patients are waiting to be notified they were affected, those who think they might be victims can start taking steps to minimize their risk. Financial identity theft and medical identity theft could both be a cause of the breach. You can find resources for financial and medical identity theft in our knowledge center. If you have additional questions regarding data breach, our expert advisors are available to help. Call us toll-free at 888.400.5530 or LiveChat with us.

For Media Inquiries

About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org

Contact: Charity Lacey, VP of Communications

Email: [email protected]

More media resources here

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read more: First American Financial Breach Exposes Millions of Complete Identities

 

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.