Nearly 12 million customers affected by data breach, Quest Diagnostics says

Nearly 12 million customers of one of the nation’s biggest blood testing providers may have had their personal information compromised in a cyberattack, Quest Diagnostics officials said Monday in a regulatory filing.

A billing collections vendor notified Quest Diagnostics of the discovery of “unauthorized activity” on its online payment page.

According to a Securities and Exchange Commission filing known as an 8-K, the vendor, American Medical Collection Agency, told Quest that hackers had access to its system from August 1, 2018 to March 20, 2019.

In that time, credit card numbers, bank account information, medical information and other personal data of 11.9 million people was potentially exposed.

AMCA officials said they notified law enforcement of the breach.

“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information,” Quest representatives said in its filing.

Quest is one of the world's leading medical diagnostic companies, with 2018 revenues of $7.5 billion. Headquartered in Secaucus, New Jersey, it has 45,000 employees worldwide.