Just when you think the U.S. healthcare system couldn’t get more costly, Quest Diagnostics, one of the country’s largest blood testing companies, announced Monday that the personal information of 11.9 million of its patients was breached, including Social Security numbers, financial information, and medical data (but not lab results, the company made sure to note).
According to Quest, it’s not totally their fault. Instead, it was the collection agency the company uses, American Medical Collection Agency (AMCA), which was targeted in the data breach. Information that may have been exposed included “certain financial data, Social Security numbers, and medical information” of nearly 12 million Quest patients.
Quest said it was notified that between August 1, 2018, and March 30, 2019, someone had unauthorized access to the systems of AMCA. Quest is making the breach public, even though it has not yet received “detailed or complete” information from AMCA about the breach, including which individuals may have been affected. “Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” the company said. “We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.”
This isn’t exactly new territory for Quest. In 2016, another hack exposed the information of 34,000 people.