Quest Diagnostics suffered a data breach last month after an unauthorized user breached the computer system of a debt collection subcontractor.
Quest, a medical testing company headquartered in Secaucus, N.J., said information regarding 11.9 million patients may have been accessed. The subcontractor, American Medical Collection Agency (AMCA), told Quest that the information included financial data, Social Security numbers, and personal medical information, but not laboratory test results.
The debt collector first notified Quest on May 14 of “potential unauthorized activity on AMCA’s web payment page.” On May 31, AMCA let Quest know that data from nearly 12 million patients may have been accessed.
AMCA has not yet provided details to Quest of the breached information, including which patients may have been affected or what was stolen. Quest, in a notice posted on its website, said it had suspended sending dunning calls and letters through AMCA.
“We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more,” Quest said in a statement.