About 11.9 million Quest Diagnostics patients may have had their financial, medical and other personal information exposed in a data breach, the company said Monday.
In a filing with the Securities and Exchange Commission, Quest said a billing collections vendor, American Medical Collection Agency, notified it last month of potential unauthorized activity on AMCA's web payment page. AMCA provides billing collections services to Optum360, which is a Quest contractor. An unauthorized user had access to the system between Aug. 1, 2018, and March 30, 2019, Quest said.
The system contained sensitive data, including credit card numbers, bank account information, medical information and Social Security numbers, Quest said. Lab results were not provided to AMCA and were not exposed in the breach. AMCA thinks 11.9 million Quest patients were affected as of May 31, 2019, Quest said.