JACKSONVILLE, Fla. – Nearly 12 million Quest Diagnostics customers’ personal information have been compromised after a recent data breach struck American Medical Collection Agency (AMCA), a third-party vendor Quest uses for medical billing services.
According to a statement from Quest, the company first learned of the breach within AMCA’s system May 14. It wasn’t until two weeks later that the extent of the breach became clear – the same system houses 11.9 million Quest customers’ personal and financial data including Social Security numbers.
Other personal details that might have been exposed include financial data and medical information, though Quest said laboratory test results remain secure. But while the company is working to investigate what happened, it’s still awaiting more information from AMCA.
“AMCA has not yet provided Quest…detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected. And Quest has not been able to verify the accuracy of the information received from AMCA,” the company said.
Kevin Johnson, a cyber security expert and creator of Secure Ideas, said this might be the tip of the iceberg, especially since Quest is not the only company that relied on AMCA’s services. He noted it’s possible that hackers could try to exploit the situation to gain even more information from people.
“We have so many breaches out there that people should just assume their data is taken and act upon that,” Johnson said. “ … UnitedHealth (Group) also used this billing provider, so what we’ll see if that is true, United will come out and say, ‘This many people’s data was compromised.’”
Johnson anticipated that will translate into a wave of what are called phishing attempts over the next few days and weeks. That means people will receive emails from hackers posing as Quest, trying to exploit their thirst for more information about what happened to their data.
“People will get an email that pretends to be from Quest,” he said. “It will say, ‘Hey your data was breached, click here to find out exactly what happened.’ Don’t click that.”
The only way to ensure your data is protected, Johnson said, is through a credit freeze. Freezing your credit won’t allow anyone to open a new credit card or take out a loan in your name without jumping through some serious hoops.
To freeze your credit, just reach out to the following nationwide credit bureaus. You'll need to supply your name, address, date of birth, Social Security number and other personal information.
After receiving your freeze request, each credit bureau will provide you with a unique PIN, or personal identification number, or password. Store your PIN or password in a safe place. You will need it if you choose to lift the freeze. For more information, visit the FTC's website.