Florida law firm Morgan & Morgan filed a class-action lawsuit on June 12 in New Jersey against Quest Diagnostics after the laboratory testing company disclosed that it had experienced a data breach that exposed 11.9 million patients, according to the Connecticut Law Tribune.
Attorneys general in Connecticut and Illinois have also opened investigations into the security incident.
Quest Diagnostics announced a data breach at its billing vendor American Medical Collection Agency on June 3. The data breach affected patients' financial information, including credit card numbers and bank account information. Some medical information and personal data also may have been affected.
In the 36-page lawsuit, Quest Diagnostic is accused of failing to properly notify patients of the breach, the Connecticut Law Tribune reports. Quest Diagnostics said hackers had access to an AMCA web payments portal between Aug. 1, 2018, and March 30, 2019.
The data breach "was a direct result of defendants' failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect patients personally identifiable information," the lawsuit claims.
The lawsuit seeks class certification, monetary damages and a mandatory injunction directing Quest Diagnostics to properly protect members' personal information and implement improve security processes.
Quest Diagnostics did not respond to the Connecticut Law Tribune's request for comment.