Quest Diagnostics said 11.9 million of its patients may have been exposed in a data breach of American Medical Collection Agency, a billings collection firm the medical laboratory works with.
The company has not received all the information about the incident from American Medical Collection Agency (AMCA) and has not been able to verify the accuracy of the information received from AMCA, the diagnostic information services provider said. It's not the first time those customers have had their personal data strewn across the web, though the AMCA breach affects many more people than a 2016 hack that saw 34,000 patients' personal and medical information - including lab results - stolen. The number of patients impacted was only recently determined. An outside security expert has been hired to determine the damage of the breach. "Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA", Quest said.
Quest will be working with Optum360 to ensure that Quest patients are appropriately notified of the possible breach.
The data breach dates back to August 1 previous year through May 31.
AMCA did not immediately respond to a request for comment. The company only learned how many customers were potentially affected last week. "In the case of Quest Diagnostics, we can see that personal financial data and medical records appear to have been compromised".
According to Quest, it's not totally their fault. The company has more than a dozen locations in the Denver metro area and roughly 2,200 locations across the United States, according to its website.