1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Attackers breach collections agent for Quest Diagnostics and LabCorp exposing 20 million...

By Cal Jeffrey · 4 replies
Jun 5, 2019
Post New Reply
  1. Close to 20 million Quest Diagnostics and LabCorp patient records were exposed in a breach of a third-party company that they both use.

    According to a Securities and Exchange Commission (SEC) filing on Monday, Quest reported that 11.9 million of its records were compromised by a security breach of its collections provider American Medical Collection Agency (AMCA). Then on Tuesday, LabCorp said that 7.7 million of its records were also exposed to the same AMCA intrusion.

    The attack targeted the AMCA’s website and skimmed personal information that included patient names, birth dates, addresses, phone numbers, dates of service, providers, and account balance. Additionally, LabCorp confirmed that nearly 200,000 patients also had their credit card or bank information stolen.

    Medical data, including history and lab results, were not compromised.

    According to Quest’s SEC filing, the AMCA’s systems were breached on August 1, 2018. The vulnerability was not discovered until March 30 of this year.

    There is no indication as to who was behind the breach, but the methods used are similar to those seen last year against big companies including British Airways, Newegg, and Ticketmaster. The group behind those intrusions, known as Magecart, used malicious Javascript injected into the victim websites to siphon off data and send it to the attackers through a secondary domain.

    It is unclear if AMCA was only used for collections of accounts that were in default or if it handled billing in general. If you are a Quest Diagnostics or LabCorp customer, you might want to keep your eye on your accounts for any suspicious activity.

    Image credit: Ken Wolter / Shutterstock.com

    Permalink to story.

  2. Uncle Al

    Uncle Al TS Evangelist Posts: 5,249   +3,666

    Couldn't happen to a more deserving company. Quest has a long record of double & triple billing their patients, completely screwing up test results, and of course, denigrating anyone that reports them. They are so bad the large medical practice I go to dropped them within 90 days of trying them ..... nuff said!
  3. Dimitrios

    Dimitrios TS Guru Posts: 430   +310

    In what state?
  4. treetops

    treetops TS Evangelist Posts: 2,496   +514

    I wonder how much more it would cost and how much high end companies would be willing to pay for the security of the old filing cabinet\paper system.
    Cal Jeffrey likes this.
  5. Kinemon

    Kinemon TS Rookie

    So the company that everyone is sent to for invasive pre-employment drug screens lost all the personal info nobody wanted to give them in the first place, great. Another company profiting from the war on drugs.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...