Nearly 12M Quest Diagnostics Patients Affected by AMCA Data Breach (Jun 4, 2019)
Diagnostic testing provider, Quest Diagnostics, has announced that a third-party billing collections company they use has been hit by a data breach, affecting 11.9 million of Quest’s customers. The potentially compromised information includes patient financial information and personal information, including Social Security numbers. The billings collection service provider, American Medical Collection Agency (AMCA), informed Quest Diagnostics that an unauthorized user had access to AMCA systems containing personal information received from Quest. The SEC filing filed by Quest Diagnostics reveals that the attackers had access to the AMCA’s system between August 1, 2018 and March 30, 2019. An AMCA spokesperson said that they have taken down their web payments page and are investigating the security breach with the help of a third-party forensics firm. Quest Diagnostics have suspended sending collection requests to AMCA for the moment.
Recommendation: The financial information that was disclosed seems to be very comprehensive (credit card numbers, bank accounts, etc), and victims could have their identity stolen and financial transactions made in their name. Users that believe they have been impacted by this data breach should monitor their credit cards and bank accounts for unusual activity, and, in addition, freeze their credit reports.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.