Lab tests on Giant Quest Diagnostics indicate that a data breach would have affected nearly 12 million patients



[ad_1]

A researcher examining blood test results at the Gorgas Memorial Laboratory in Panama City in 2016 (photo).
Photo: Arnulfo Franco (AP)

Clinical Laboratory Test Quest Diagnostics announced in a statement Monday that an "unauthorized user" had had access to personal information relating to approximately 11.9 million clients, including financial and medical data.

According to NBC News, the news of the breach was transmitted through a filing with the Securities and Exchange Commission, in which Quest had written that the American Medical Collection Agency (AMCA), which provides debt collection services invoices to Quest's contractor, Optum 360, had notified it in the middle of the year. -Can. NBC wrote that Quest had stated that the AMCA online payment page had probably been compromised from August 1, 2018 to March 30, 2019.

In his statement, Quest wrote that the compromised information could include "certain financial data", social security numbers and medical equipment, but not the results of laboratory tests performed on patients. He also wrote that the extent of the breach remained uncertain:

AMCA believes that this information includes personal information, including certain financial data, social security numbers and medical information, but not the results of laboratory tests.

AMCA has not yet provided Quest or Optum360 with detailed or complete information about the AMCA data security incident, including information about people who may have been affected. And Quest has not been able to verify the accuracy of the information received from AMCA.

Quest adds that she "suspended" the submission of collection requests to AMCA. According to the Wall Street Journal, a spokesperson for Optum360's parent company, UnitedHealth, said their Optum360 systems were not affected by the breach.

A company representing AMCA issued a statement to NBC New York indicating that AMCA had opened an internal investigation after being informed of a potential violation by a "compliance company working with credit card companies" ". This company also wrote that the AMCA had hired a forensics "to investigate the offense, appealed to a third-party vendor to manage its online payment system," retained the expert services " and notified the law to the incident.

Security experts generally believe that the number and severity of major data breaches is increasing, with systems related to the health care sector being one of the main targets.

"Hackers are targeting financial companies, such as this bill collection company, because they often store sensitive financial information that can be turned into immediate gains," said Giovanni Vigna, co-founder of security firm Lastline, Washington Post. . "This type of information is far more lucrative than personal health information that, at the moment, is not easily marketable by criminals."

In May, federal prosecutors indicted two people in connection with a violation of the health insurance company Anthem and other companies in 2014, which reportedly affected some 78 million people. Prosecutors wrote in the indictment that hackers were working with a sophisticated Chinese hacking organization and had conspired to use the data for the purpose of committing electronic fraud.

In other cases, sensitive medical documents or related information would simply have been left on unprotected servers. Among such situations are a plethora of records of 145,000 patients in a Pennsylvania drug treatment center discovered by Cloudflare's Director of Trust and Security, Justin Paine, earlier this year, and a flaw on the federal government's Healthcare.gov portal in 2018 that may have exposed sensitive but non-medical data on up to 75,000 people.

[ad_2]

Source link