What Really Happened On Quest Diagnostics Data Breach

The Quest Diagnostics data breach happened between August 1, 2018, until May 31, 2019. What really happened in those terrible eight months? Let’s find out.

Overview On Quest Diagnostics

Quest is one of the largest blood testing companies in the U.S. It has 2,000 locations all over the country. Furthermore, Quest operates in several other countries. Those are Brazil, Mexico, India, and the United Kingdom. 

For instance, the court or an employer requires a person to get a drug screening. Or it could be a clinic needing outside blood testing. There is a good chance that they will make use of one of Quest’s facilities because Quest has many branches. Moreover, the healthcare company is a member of the Fortune 500.

The American Medical Collection Agency (AMCA) is a third-party billing collections vendor that provides services to Quest. On May 14, 2019, AMCA notified Quest about a potential data breach. Afterward, the healthcare company announced that hackers exposed the sensitive data of 12 million customers. For instance, bank and medical details.

How The Breach Happened

AMCA provided few details about the breach. They implied that it was an insider attack. AMCA learned that its security was penetrated by a consultant working for credit card companies. Moreover, the agency revealed that the attack’s focus was on payment pages. Furthermore, the attackers logged visitors’ payment and personal information.

Unfortunately, the attackers had access to medical information entered on the AMCA site. According to Quest, the attackers logged information from the 1st of August 2018 to the 30th of March 2018. AMCA said they do not exactly know how unauthorized access happened.

This is not the first time the healthcare company experienced a breach. In 2016, hackers exposed the data of 34,000 patients. Hackers attacked the patient portal MyQuest. Moreover, hackers exposed names, birthdate, lab results, and contact details of those patients.

Potential Consequences

Quest has insurance coverage in place that should handle some potential costs and liabilities from the breach, officials said.

Security firm Gemini Advisory advised DataBreaches.net in May. According to Gemini researchers, they found payment card details of 200,00 patients for sale. Moreover, those patients are from AMCA. 

Researchers found the details for sale on a popular dark web marketplace. Those cards appeared to be compromised between September 2018 and March 2019. That timeframe aligns with Quest’s notification. AMCA allegedly didn’t respond to the issue. 

Moreover, it is feared that hackers can now transact using the patients’ payment details. Furthermore, this could lead to serious damage to Quest’s reputation. Why? Because as we have mentioned earlier, the huge public trading company suffered two breaches in just three years. Furthermore, the breach could also bring great damage to the company’s shareholder trust and stock price.

Other Large Data Breaches

The 2019 Quest Diagnostics data breach is not the biggest. For instance, the Equifax data breach affected the data of 145.5 million individuals. The 2016 Yahoo attack affected 1 billion Yahoo customers. 

The largest hack in the medical industry is the cyber attack on Anthem. Two Chinese nationals were part of the theft of 79 million records. Anthem had paid a $115 million settlement to victims of the breach.

Rate this post:

Leave a Comment

Your email address will not be published. Required fields are marked *