Case Study on the Quest Diagnostics Data Breach


In our last blog, we discussed the common HIPAA violations that occur at a rate of once per day in our country according to the U.S. Department of Health and Human Services. Today, we are delving deeper into a specific case study that recently made the national news: the Quest Diagnostics data breach.

In May of this year, Quest Diagnostics, the medical testing company, said a data breach had affected about 11.9 million patients after an "unauthorized user" gained access to financial data, Social Security numbers and medical data, but not laboratory test results. The American Medical Collection Agency (AMCA), a billing collections provider that works with Quest, informed the company that an unauthorized user had managed to obtain access to AMCA systems. AMCA reported that it learned its security had been penetrated from a consultant working for credit card companies.

So, here we have another example of a third party notifying the owner of the data of the breach before the owner had any indication that millions of its patients had data exposed and/or stolen. In their defense, Quest did act quickly and seriously to rectify the matter. First, they suspended collections requests. In addition, law enforcement was notified and a cyber forensics firm was hired to investigate the security incident. They are currently at the stage of the investigation where they are determining whose data, and which specific pieces of that data, were compromised.

"We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems' security," Quest said in a statement.

These kinds of breaches continue to happen on a grand scale. We don't have to look too far back to see some of the larger hacks that put client information at risk. The Equifax hack of 2017 affected the data of 145.5 million individuals. The Yahoo attack disclosed in 2016 affected 1 billion Yahoo customers. And then there is the largest hack of medical data thus far: the health insurance company Anthem's servers were compromised in 2014, and records of that event showed that the records of 79 million people were stolen.

Data breaches continue to be a real threat to small and large companies alike. Does your company need to remain HIPAA compliant or do you merely need a security evaluation? Call Spectra Networks at 978.219.9752 or visit our website