Quest Diagnostics says millions of patients' medical info may have been exposed in data breach

Millions of Quest Diagnostics patient's personal and medical information may have been exposed in a breach of one of the billing collection firms with which it works, the company announced in a news release Monday.

The billing collections service provider, American Medical Collection Agency, informed Quest Diagnostics of a potential data hack on May 14. The company notified Quest Diagnostics of data that affected about 11.9 million patients, the news release said.

>> Read more trending news

“AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results,” the company said.

The Wall Street Journal reported that AMCA discovered an unauthorized user accessed the agency's system between August 2018 and March 2019, giving it access to information it collected and that of other companies, including Quest Diagnostics.

Quest Diagnostics said AMCA has not provided it with detailed information about the security breach, which would include which specific patients may have been affected, according to the news release.

"Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information," the news release said. "Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA.

“Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law.

“We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more.”