Banking, credit card, and some medical information of 12 million patients were exposed by Quest Diagnostics’ payment service, American Medical Certification Association (AMCA), due to a security incident.
Quest Diagnostics, one of the country’s largest providers of diagnostic testing, said that nearly 12 million customers may have had information compromised due to a data breach, according to North Jersey News.
The Secaucus-based diagnostic testing company confirmed that there was a data security incident involving AMCA, a billing collections vendor, said Wendy Bost, spokeswoman for QuestDiagnostics. While the breach did not happen at QuestDiagnostics, AMCA provides services to Optum360, which in turn provides payment services to Quest Diagnostics, said Bost.
In a SEC filing, Quest Diagnostics said that AMCA informed them that there had been unauthorized access on AMCA’s web payment page and that information from both Quest Diagnostics and Optum360 customers may have been compromised.
Questions to AMCA were referred to Brunswick Group, an advisory firm. A call to Brunswick Group seeking comment was not immediately returned.
The information stored on AMCA’s affected system includes credit card numbers, bank account information, medical information and personal information, including Social Security numbers, according to the SEC filing.
As of Monday, AMCA had not provided Quest Diagnostics or Optum360 complete information about the security breach, including specific information and individuals affected, Bost said in a statement.
AMCA first notified Quest Diagnostics of a potential breach May 14, according to the filing. On May 31, AMCA told QuestDiagnostics that the potentially compromised data included as many as 11.9 million patients.
In response to the breach, Quest Diagnostics has suspended sending collection requests to AMCA, the statement said. The company has also sent out notifications to affected health plans, the statement said.
Torrejon, Rodrigo. (2019, June 3). QuestDiagnostics breach: Nearly 12M customers may have had data compromised. North Jersey News.