Quest said patients impacted by the data breach will be notified.
AMCA first notified Quest of potential unauthorized activity May 14, according to the release.
Quest says it doesn't have complete information about how the leak happened yet, but it says in a statement that it "takes this matter very seriously and is committed to the privacy and security of patients' personal, medical and financial information".
AMCA believes the personal information includes financial data, Social Security numbers, and medical information.
Laboratory test results were not affected, Quest said.
Quest's stock was unchanged on the news.
Law enforcement has been notified and a cyber forensics firm has been hired to investigate the security incident. But today's disclosure by LabCorp. suggests we are nowhere near done hearing about other companies with millions of consumers victimized because of this incident: The AMCA is a NY company with a storied history of aggressively collecting debt for a broad range of businesses, including medical labs and hospitals, direct marketers, telecom companies, and state and local traffic/toll agencies.
Quest provides lab testing services to about half of the doctors and hospitals in the USA, according to securities filings.
Until more is known, Quest Diagnostics will stop using that data management provider and patients whose data was compromised will be contacted by the companies. The only data breach larger than the apparent one at Marriott occurred in 2013, when three billion user accounts at Yahoo were exposed, costing Yahoo $47 million in litigation expenses.