Quest Diagnostics has reported that nearly 12 million patients’ may have been impacted by a breach into American Medical Collection Agency (AMCA), the medical testing company’s third-party billing provider. According to a data breach filing with the Security and Exchange Commission, as many as 11.9 million patients may have had their credit card, banking, medical information, and other personal details stolen.
Quest has confirmed that because AMCA does not handle lab results, this information was not affected by the breach. It has also stopped sending collections request through AMCA while the breach is under investigation, and has hired outside security experts to get a better sense of the damage.
On May 14, AMCA alerted Quest of the potential breach through its web payments page. The data breach filing indicates that between August 1, 2018 and March 30, 2019, an unauthorized party got access to AMCA’s system that allowed them to inject malicious code into the payments pages. They were then able to skim and collect the information users inputted.
According to TechCrunch, this is the second breach affecting Quest customers in three years. In 2016, the company announced the breach of its MyQuest patient portal, which allowed access to the test results and personal information of 34,000 patients.
Your company takes the security of its software seriously. If you want to prove to your customers that you make it a priority, you have to check out Veracode Verified.
This is a companion discussion topic for the original entry at http://www.veracode.com/blog/security-news/quest-diagnostics-breached-through-third-party-billing-collections-vendor