Quest Diagnostics hit with class-action lawsuit following 11.9 million-patient data breach

Florida law firm Morgan & Morgan filed a class-action lawsuit on June 12 in New Jersey against Quest Diagnostics after the laboratory testing company disclosed that it had experienced a data breach that exposed 11.9 million patients, according to the Connecticut Law Tribune.

Attorneys general in Connecticut and Illinois have also opened investigations into the security incident.

Quest Diagnostics announced a data breach at its billing vendor American Medical Collection Agency on June 3. The data breach affected patients' financial information, including credit card numbers and bank account information. Some medical information and personal data also may have been affected.

In the 36-page lawsuit, Quest Diagnostic is accused of failing to properly notify patients of the breach, the Connecticut Law Tribune reports. Quest Diagnostics said hackers had access to an AMCA web payments portal between Aug. 1, 2018, and March 30, 2019. 

The data breach "was a direct result of defendants' failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect patients personally identifiable information," the lawsuit claims.

The lawsuit seeks class certification, monetary damages and a mandatory injunction directing Quest Diagnostics to properly protect members' personal information and implement improve security processes.

Quest Diagnostics did not respond to the Connecticut Law Tribune's request for comment.

More articles on cybersecurity:
How senators are responding to Quest Diagnostic data breach and what it means for healthcare cybersecurity
Opko Health alerts 422,600 patients of data breach
27 hospital, health system data breaches in 2019

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars