NEW YORKâQuest Diagnostics said the personal financial information of 11.9 million customers has potentially been compromised.
In a statement, the company said an "unauthorized user" had gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum360. Quest said the information that may have been exposed included Social Security numbers and medical information, but not test results.
Credit unions are frequently warned about potential breaches by third parties, such as that at Quest.
According to Quest, AMCA first notified it on May 14 of "potential unauthorized activity" on its payment page. Two weeks later, according to Quest, AMCA then told Quest and Optum360 more about the breach, including the number of patients potentially affected and what information was accessed.
Quest reported it has suspended using AMCA and that it was using "forensic experts" to examine the issue. It further said AMCA has not yet provided "detailed or complete information" about the intrusion, including which customers might have been affected.
"We are committed to keeping our patients, healthcare providers, and all relevant parties informed as we learn more," Quest said in the release.
Quest has approximately 2,200 locations across the United States.