Quest Diagnostics is notifying 11.9 million patients of a data breach that happened at one of its billing collections vendors, according to The Wall Street Journal.
Five things to know:
1. American Medical Collection Agency alerted Quest Diagnostics on May 14 of a data breach within the billing company's web payment system. Quest outsourced its billing operations to Optum360, which contracted AMCA.
2. The data breach affected patients' financial information, including credit card numbers and bank account information. Some medical information and personal data may have also been affected. Quest Diagnostic confirmed no laboratory results were affected in the breach.
3. An investigation found that between August 2018 and March 2019 an unauthorized user gained access to AMCA's system. The hacker was able to gain access to information from AMCA's clients, such as Quest Diagnostics.
4. Quest Diagnostics is conducting its own investigation into the incident to determine the scope of the information AMCA had access to.
5. Quest Diagnostics has suspended collection requests from AMCA and notified the health plans that may have been affected. The company is also working with law enforcement to evaluate the impact the data breach will have on Quest Diagnostics and patients.