Dive Brief:
- Quest Diagnostics disclosed Monday morning 11.9 million patients' financial, medical and other personal information, such as Social Security numbers, may have been exposed between August 1, 2018, and March 30, 2019.
- The company said one of its billing collections vendors, American Medical Collection Agency, alerted Quest and its revenue cycle management provider, Optum360, on May 14 there was "potential unauthorized activity" on its web payment page.
- Laboratory test results were not shared with AMCA and were not exposed, according to Quest.
Dive Insight:
Quest said in response to the potential data breach it has suspended sending collection requests to AMCA.
The clinical lab said it has not yet received "detailed or complete information from AMCA about the incident," and continues to work with Optum and security experts to ascertain the potential impact of the potential data breach. Quest said it has not been able to verify the accuracy of the information it received from AMCA.
Quest has already notified affected health plans, and the company is working to provide information to regulators to comply with state and federal laws.
Although Quest has insurance for certain liabilities and costs related to the security incident, the company said it is "limited in amount and subject to a deductible."
Last July, Quest rival LabCorp was the target of a cyberattack that resulted in the company pulling parts of its IT system offline. The ransomware attack cost LabCorp $24 million to address.