American Medical Collection Agency (AMCA), billing service provider, had its web payment page breached, impacting nearly 11.9 million Quest Diagnostic patients’ personal and financial information.
The detailed picture
AMCA first notified Quest Diagnostics on May 14, 2019, that an unauthorized user gained access to its web payment page between August 22, 2018 and March 30, 2019, that contained information AMCA received from various entities, including Quest Diagnostics.
Upon receiving the notification, Quest Diagnostics reported the incident to the U.S. Securities and Exchange Commission.
“Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” Quest Diagnostics told BleepingComputer.
What information was involved?
The information that could be accessed during the breach includes Social Security numbers, bank account details, credit card numbers, as well as medical information. However, laboratory test results were not compromised.
The response from AMCA
“We have also advised law enforcement of this incident. We remain committed to our system’s security, data privacy, and the protection of personal information,” AMCA said in a statement.