Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Clinical lab Quest announces collection agency’s data breach

Reprints
data breach

Clinical laboratory firm Quest Diagnostics Inc. said Monday that hackers have gained access to personal data on 11.9 million of its patients.

Secaucus, New Jersey-based Quest said it has been informed by a billing collections provider, Elmsford, New York-based American Medical Collection Agency, that an unauthorized user had access to AMCA’s system containing personal information on the patients.    AMCA provides billing collection services to a Quest contractor, Optum360, a unit of Minnetonka, Minnesota-based UnitedHealth Group. 

The statement said Quest and Optum360 are working with forensics experts to investigate the matter. It said AMCA first notified Quest and Optum360 of potential unauthorized activity on AMCA’s web payment page on May 14.

On May 31, it notified them that the data on affected system on AMCA’s affected system included information regarding about 11.9 million Quest patients, and that it believes this information includes personal information, including certain financial data, Social Security numbers and medical information, but not laboratory test results.

It said AMCA has not yet provided detailed or complete information about the incident, including which information of which individuals may have been affected and Quest has not been able to verify the accuracy of the information it has received from AMCA.

The statement said, “Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information. Since learning of the AMCA data security incident we have suspended sending collection requests to AMCA.” It said it is working with Optum360 “to ensure that Quest patients are appropriately notified consistent with the law. We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.”

UnitedHealthcare said in a statement, “While Optum360 data systems were not impacted by this situation, data security is critically important to us, and we are actively working with Quest and AMCA to understand this issue and ensure appropriate actions are being taken.”

AMCA said in a statement it is investigating the incident. “Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page. We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information.”

In April, it was announced that Yahoo had struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history.

 

 

 

 

Read Next

  • Data breach costs to drive cyber insurance rates

    Cyber insurance premium rates are likely to increase in India after the average cost of data breaches grew 8% year over year to 120 million Indian rupees ($1.7 million) in 2018, India Times reported. Dhingra, president of Marsh India Insurance Brokers Pvt. Ltd., said that new regulations in overseas markets are driving cyber insurance uptake among Indian firms with global exposure such as pharmaceuticals, retail companies and hospitality firms.