Quest Diagnostics said Monday that nearly 12 million customers may have had their financial, personal, and medical information breached.
The breach incurred through the American Medical Collection Agency, a third-party vendor that provides billing collections services for the company. Quest Diagnostics said it has stopped using AMCA since learning of the incident.
"Quest is taking this matter very seriously and is committed to the privacy and security of our patients' personal information," the company said in a news release. "Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA."
Quest Diagnostics is one of the largest blood-testing providers in the country.
What are the details?
AMCA first notified Quest Diagnostics of the data security breach on May 14.
According to a filing with the U.S. Securities Exchange Commission, an unauthorized person had access to Quest Diagnostics' customers' information between Aug. 1, 2018, and March 30, 2019.
The company said that actual lab results were not included on the affected system.
"AMCA believes this information includes personal information, including certain financial data, Social Security numbers, and medical information, but not laboratory test results," the release said.
On May 31, Quest said it learned that the breach affected 11.9 million Quest Diagnostics patients.
"Quest Diagnostics has not been able to verify the accuracy of the information received from AMCA," according to the SEC filing.
AMCA has not yet provided Quest Diagnostics with "detailed or complete information" about the security breach, the company said, which noted it would contact affected patients, once it has that information.
The company said it is working with law enforcement officials.
"We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more," the release said.
It's the second time in three years that Quest Diagnostics customers' information has been compromised, according to TechCrunch. In 2016, the company said 34,000 patients had data stolen by hackers.