Quest Diagnostics Data Breach Affects 11.9M Patients


A Quest Diagnostics Inc. client hit the lab company with a putative class action in New Jersey federal court Thursday over a recently revealed data breach that compromised the Social Security numbers, banking information and medical data of 11.9 million patients.

Quest rivals LabCorp and Opko Health have subsequently reported being affected by the same breach, bringing the total number of impacted patients to upwards of 20 million.

Quest confirmed in its filing that no laboratory results were compromised since no laboratory information was provided to AMCA.

Medical tests and medication firm OPKO Health Inc present in over 30 countries says that one of its subsidiaries, BioReference Laboratories Inc, was notified by American Medical Collection Agency (AMCA) of unauthorized activity on its web payment page.

"AMCA's affected system also included credit card or bank account information that was provided by the consumer to AMCA (for those who sought to pay their balance)", the filing with the u.S. Securities and Exchange Commission reads.

BioReference's announcements comes after testing giants Quest and LabCorp announced they too were customers of AMCA, with potentially millions of patients affected by the breach.

The information on the affected system included patient names, dates of birth, addresses, phone numbers, dates of service, providers and balance information as well as credit card and bank information.

AMCA has advised BioReference that AMCA is providing notice to state attorneys general and other state agencies as required by applicable state data breach laws.

Opko Health learned June 6 that 422,600 patients may have had their data exposed in the breach.

Opko Health said its affected unit, BioReference Laboratories Inc, suspended collection requests to AMCA since October a year ago, and has asked the vendor to stop working on any pending collection requests involving the company's customers.

The incident is under the investigation performed by New York, Minnesota, North Carolina, and MI state attorneys.

Two major laboratories announced data breaches this week in filings with the SEC.