Information from about 11.9 million Quest Diagnostics patients may have been involved in a data breach, the laboratory testing company said Monday.
The Secaucus, N.J., firm said one of its subcontractors – American Medical Collection Agency – notified it last month that an “unauthorized user” had accessed the subcontractor’s system. That system had personal information from a variety of organizations, including Quest Diagnostics, a lab services provider whose offerings include blood tests and genetic testing.
Quest Diagnostics said in a statement that American Medical Collection Agency believes that the data includes personal information, such as Social Security numbers and “certain” financial data and medical information. It did not specify what information, but it said lab test results were not affected.
A company spokesperson said Quest Diagnostics is still investigating the incident and waiting to learn more from American Medical Collection Agency about the type of information that may have been affected.
Quest has several labs in Whatcom County after purchasing eight patient service centers from PeaceHealth in May 2017. As part of that sale, the lab at St. Joseph hospital remained owned by PeaceHealth but managed by Quest.
American Medical Collection Agency is a billing collection service and provides services to one of Quest Diagnostics’ contractors. It said it has taken steps to increase its systems’ security, including hiring a third-party external forensics firm.
Quest Diagnostics said it will work with its contractor to inform patients about the breach. It has stopped sending collection requests to American Medical Collection Agency.
Dave Gallagher of The Bellingham Herald contributed to this story.