An unauthorized user accessed the American Medical Collection Agency’s web payment page in May.
Nearly 12 million Quest Diagnostics patients’ personal information could be compromised after an unauthorized user accessed American Medical Collection Agency’s (AMCA) web payment page, according to yesterday’s announcement.
AMCA provides billing collection services to Optum360, which is a Quest contractor.
The agency told Quest and Optum360 of an unauthorized user accessing the web payment page on May 14. On May 31, AMCA told the companies of the quantity of patients whose data were potentially affected.
The personal information acquired could include financial data, Social Security numbers and medical information, but not laboratory test results, according to AMCA.
AMCA has not given Quest or Optum360 more information about the incident, including which information of which individuals could have been affected.
Quest said it has not verified the accuracy of the information received from AMCA and stopped sending collection requests to the biller.
“We are committed to keeping our patients, healthcare providers and all relevant parties informed as we learn more,” Quest Diagnostics wrote in the announcement.
With the healthcare industry at an increased risk of threat, Teow-Hin Ngair, Ph.D., CEO of SecureAge, said in a comment that one of the biggest fundamental issues is that medical agencies, providers and hospitals are not making cybersecurity enough of a priority.
Ngair said this could be because losing patient records does not directly impact these organizations’ businesses.
“Unless more regulations are put in place, this will continue to be a recurring issue,” he said.
Get the best insights in digital health directly to your inbox.
Medical Informatics Engineering Pays $100K for Data Breach of 3.5M Patients
Collaborating Is Key for Cybersecurity Plans
U.S. Health IT Experts More Confident in Cybersecurity Practices, Report Finds