Almost 12 million customers of one of the nation's biggest blood testing providers may have had their personal information compromised in a cyberattack, Quest Diagnostics officials said Monday in a regulatory filing.
AMCA first notified Quest of potential unauthorized activity May 14, according to the release.
The firm told security regulators that it last week learned of a data breach on its web payment system between August 1, 2018, and March 30, 2019. Laboratory test results are not provided to outside companies and were not affected. Quest outsources its billing collections to Optum360, which in turn used American Medical Collection Agency for such services.
"Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information, " the company said.
On May 31, AMCA notified Quest that the data on their affected system included information regarding about 11.9 million Quest patients.
Quest has not been able to verify the accuracy of the information received from AMCA, and complete or detailed information has not yet been provided.
AMCA did not immediately respond to a request for comment.
Quest provides lab testing services to about half of the doctors and hospitals in the US, according to securities filings.