Attorneys general in Connecticut and Illinois have also opened investigations into the security incident.
Quest Diagnostics announced a data breach at its billing vendor American Medical Collection Agency on June 3. The data breach affected patients’ financial information, including credit card numbers and bank account information. Some medical information and personal data also may have been affected.
In the 36-page lawsuit, Quest Diagnostic is accused of failing to properly notify patients of the breach, the Connecticut Law Tribune reports. Quest Diagnostics said hackers had access to an AMCA web payments portal between Aug. 1, 2018, and March 30, 2019.
The data breach “was a direct result of defendants’ failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect patients personally identifiable information,” the lawsuit claims.
The lawsuit seeks class certification, monetary damages and a mandatory injunction directing Quest Diagnostics to properly protect members’ personal information and implement improve security processes.
Quest Diagnostics did not respond to the Connecticut Law Tribune’s request for comment.
More articles on cybersecurity:
How senators are responding to Quest Diagnostic data breach and what it means for healthcare cybersecurity
Opko Health alerts 422,600 patients of data breach
27 hospital, health system data breaches in 2019
