Some patients of Quest Diagnostics had their data breached through a third-party company that provided debt collection services to the medical laboratory clinic.
Quest was informed in May by the American Medical Collection Agency that data from 11.9 million patients whose accounts were marked for debt collection was accessed by an unauthorized user, according to a news release issued by Quest.
The agency provided debt collection services to Optum360, a vendor that provides billing services to Quest. Although neither Quest nor Optum360’s systems were breached, the collection agency reported a breach in its data system spanning from August 2018 to the end of this March, according to the release.
Patient information accessed during the breach included full legal names, dates of birth, Social Security numbers, addresses, phone numbers, names of labs used, names of referring doctors, names of tests run, patient ID numbers, credit card information, bank account numbers, insurance information and diagnosis codes. Test results were not included in the breach, according to the release.
In June, American Medical Collection mailed notices to patients whose data had been breached, including some Quest patients. On June 7, the debt collection agency told Optum360 it had failed to initially notify some patients whose information may have been included in the breach, according to the release.
The agency filed for bankruptcy on June 17 and now plans on liquidating its business. Quest and Optum360 are mailing out notices this week to affected patients who were not initially notified of the breach in June, according to the release.
Quest and Optum360 have since stopped using American Medical Collection for their debt collection services, and the company has migrated its payments page to a third-party vendor, retained a computer security consulting firm and has been working with law enforcement to address the breach, according to the release.
Patients whose Social Security numbers, credit card information or bank account numbers were affected are being offered free credit monitoring services, according to the release.
Quest has dozens of labs in the greater Sacramento area, spanning Elk Grove, Folsom, Roseville and Davis.
Quest patients who have been notified that their data was affected in the breach, or patients with questions regarding the breach, can call 800-491-5304. More information regarding the data breach can be found here.