NJ Company: 11.9M Patients May Have Had Personal Info Breached

A New Jersey company says up to 11.9 million may have had their personal, financial and medical information breached.

Quest Diagnostics, a Secaucus-based company that's one of the nation's largest blood-testing providers, says an unauthorized user had access to a system containing financial data, Social Security numbers and medical information, according to a release issued by the company on Monday.

Laboratory results were not breached. The system, which has approximately 11.9 million patients, was breached between May 14 and 19, according to the release.

The unauthorized user had access to American Medical Collection Agency, a billing collections service provider that provides services to Optum360, a Quest contractor.

Quest and Optum360 are working with forensic experts to investigate the matter, according to the release.

AMCA first notified Quest and Optum360 on May 14 of potential unauthorized activity that took place online. On May 31, AMCA notified Quest and Optum360 that the data on the system included information regarding approximately 11.9 million Quest patients.

AMCA has not yet provided Quest or Optum360 detailed or complete information about the data security incident, including which information or which individuals may have been affected, according to the release.

Quest also said it has not been able to verify the accuracy of the information received from AMCA.

"Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information," according to the release. "Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA."

Quest says it will be working with Optum360 to ensure that ?Quest patients are appropriately notified consistent with the law."

"We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more," according to the release.