Quest Diagnostics Incorporated, one of the largest providers of diagnostic testing services, has announced that its billing collections vendor reported “potential unauthorized activity” on its web payment page. The vendor, American Medical Collection Agency (AMCA), reported that Quest’s revenue cycle management provider, Optum360 LLC, was also affected.
AMCA informed Quest that hackers accessed AMCA’s system during the eight-month period between August 2018 and March 2019, and that 11.9 million patients’ information, including credit card numbers, bank account information, medical information, and social security numbers, was potentially stolen.
In response to the notification, Quest has stopped sending collection requests to AMCA, and notified the affected health plans. The company says that it is working diligently with Optum360 and AMCA and outside security experts to investigate the impact of the security incident. Quest also indicated that it has notified the affected health plans, and will comply with federal and state law with regard to notification to regulators, and that AMCA has contacted law enforcement about the incident.