Quest Diagnostics Data Breach Exposes Data of 11.9M Patients

Quest Diagnostics Data Breach Exposes Data of 11.9M Patients

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Quest Diagnostics, the popular US clinical laboratory, has suffered an enormous data breach. As a result, the information of 11.9 million patients has been exposed.

According to the official statement, the American Medical Collection Agency (AMCA), a billing collections service provider, informed Quest Diagnostics that “an unauthorized user had access to AMCA’s system containing personal information AMCA received from various entities, including from Quest.”

It should be noted that AMCA provides billing collections services to Optum360, which in turn is a Quest contractor. Quest and Optum360 are working with forensic experts to investigate the matter, the statement added.

Quest Diagnostics Data Breach Explained

Apparently, the unknown attacker took advantage of the Quest contractor to obtain access to the highly sensitive patient data. Compromised data includes social security numbers, medical and financial details. What is known is that laboratory test results are not compromised.

The type of financial data potentially at risk is not revealed yet, and it’s not known if credit card numbers and security codes were exposed. Quest also hasn’t specified if encryption was in place to protect the data of its patients.

How did the data breach happen? According to Quest’s explanation, hackers had access to AMCA’s web payment page which likely means that a credit card skimmer was used.

Considering the nature of the attack, a group such as Magecart may be behind the data breach. Magecart’s portfolio of successful formjacking attacks includes organizations such as British Airways and Ticketmaster, to name a few.

Cybercriminals are constantly looking for ways to monetize their malicious campaigns as quickly as possible. Targeting retail websites has proven quite profitable, and it?s no surprise that this type of attack, shortly known as formjacking, has been prevalent in 2018....Read more
A formjacking attack involves the injection of malicious code into the targeted website, allowing attackers to grab customers’ credit card details.

Magecart is active once again in notorious campaigns in which 277 e-commerce websites were infected in supply-chain attacks.
Magecart Hackers Insert Skimming Code Into a Third-Party JavaScript Library.

It is noteworthy that security researchers from RiskIQ and Trend Micro recently came across a new subgroup known as Magecart Group 12 which is infecting targeted websites by inserting skimming code into a third-party JavaScript library.

As for Quest’s data breach, the laboratory “is taking this matter very seriously” and since the knowledge of the AMCA data security incident, they have suspended sending collection requests to AMCA.


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share