Millions of Quest Diagnostics patients may have had their financial, medical and other personal information exposed in a data breach, the company announced on Monday.
According to a Securities and Exchange Commission filing known as an 8-K, the vendor, American Medical Collection Agency, told Quest that hackers had access to its system from August 1, 2018 to March 20, 2019.
The company said that actual lab results were not included on the affected system.
AMCA first notified Quest on May 14 of "potential unauthorized activity" on its payment page, Quest said.
"Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information", the company said in a news release. Marriott experienced one of the largest personal data breaches in history, losing personal information belonging to 383 million guests, while hackers hit Yahoo and stole data belonging to 3 billion accounts.
One couple's quest to learn why their credit card was compromised nine times in seven years. Quest also hasn't been able to independently verify the information provided by AMCA so far, it said. "Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA", Quest said.
Quest will be working with Optum360 to ensure that Quest patients are appropriately notified consistent with the law.