Quest Diagnostics said Monday that 11.9 million Quest Diagnostics patients may have had their personal, financial, and medical exposed in a data breach that happened through a contractor of a contractor.
Quest outsources its billing collections to Optum360, which in subsequently used American Medical Collection Agency (AMCA) for such services, and were both notified by AMCA of a security incident on May 14. AMCA has yet to announce details of the breach to the public, but in a filing with the U.S. Securities and Exchange Commission (SEC), AMCA revealed that hackers had access to its payment systems from August 1, 2018 until March 30, 2019.
In the filing, AMCA claimed during the eight-month period attackers gained access to financial, medical and other personal information, including social security numbers, credit card details, and bank account information.
AMCA has not provided Quest or Optum360 with the full details of the incident as the investigation is currently ongoing. In the meantime, Quest is not able to verify the number of individuals that may have been affected by this incident, what forms of financial data have been exposed, or whether the information was protected by encryption. Quest has confirmed that no laboratory test results were exposed during this incident.
Quest has not revealed what forms of financial data have been exposed, such as whether card numbers or security codes are included, or whether or not encryption was in place to protect this information.
Time and time again we see companies looking to cut costs by outsourcing core responsibilities to third-party providers, but in doing so businesses and its customers become increasingly more exposed to uncontrollable security risks. The healthcare industry continues to be a prime target for cybercriminals became there are so many moving parts to go after, so many different entry points for hackers to exploit with inadequate security.
NNT solutions combine the essential, foundational security controls recommended by all leading security frameworks such as HIPAA HITECH and CIS with the operational discipline of change management. With the essential security controls in place and the ability to correlate changes within an environment with an approved ticket or set of rules, healthcare providers are l able to prepare for an audit and prevent and protect themselves and patients against all forms of risk, all while gaining full control over changes for security and operational peace of mind.
Learn more about NNT's Solutions for the Healthcare Industry