Quest Diagnostics says personal data of almost 12 million customers has been breached

Blood testing group Quest Diagnostics announced Monday that the personal information of 11.9 million patients has been breached, including Social Security numbers, financial information and medical data.

The company said in a statement that an “unauthorized user” gained access to the American Medical Collection Agency (AMCA) system, a billing collection service provider for Quest.

{mosads}Quest noted in its official statement on the breach that it had not yet received “complete information” on the details of the breach from the AMCA, such as which customers were impacted, and that it has also not been able to verify that the breach took place. The company said that it does not believe that laboratory test results were accessed.

Quest said it is “committed to keeping our patients, health care providers, and all relevant parties informed as we learn more,” adding that the company “is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information.” 

The AMCA originally notified both Quest and Optum360, another group that utilizes billing services from the AMCA, about the potential unauthorized activity on its system on May 14, but did not reveal the number of customers impacted by the data breach until May 31.

A spokesperson for Optum360 told The Hill that “while Optum360 data systems were not impacted by this situation, data security is critically important to us, and we are actively working with Quest and AMCA to understand this issue and ensure appropriate actions are being taken.”