On Monday 3 June, Quest Diagnostics gave a press release stating nearly 12 million of its customers' personal data had been accessed by an "unauthorized user".
According to NBC News, the breach had been acknowledged as of mid-May. The information was provided by a Securities and Exchange Commission filing that Quest made to the American Medical Collection Agency (AMCA). The AMCA offers billing collection services to Quest's contractor, Optum 360.
However, NBC also pointed out that Quest said AMCA’s web payments page had potentially been compromised from August 1, 2018 to March 30, 2019.
According to the AMCA, "AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results." It further explained this by stating that the full extent of the breach was still unknown.
"Certain financial data and Social Security numbers have been compromised."
"AMCA has not yet provided Quest or Optum360 detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected. Quest has not been able to verify the accuracy of the information received from AMCA." Quest added that it had “suspended” sending collections requests to AMCA.
AMCA has launched an internal investigation, according to a firm representing the company. Futhermore, it stated that further actions were being taken by AMCA, and that they had hired an “external forensics” company to investigate the breach, brought on a third-party vendor to manage its web payments system, “retained additional experts,” and notified law enforcement of the incident.
Rising security breaches
Security breaches are believed to be increasing, with a higher focus on financial information gained through the health-care industry.
Giovani Vigna, co-founder of security firm, Lastline noted, “This kind of information is much more lucrative than personal health information that, at the moment, is not readily marketable by criminals.”
Hence, the focus on financial systems based around the healthcare industry.