The data breach that potentially exposed the personal and healthcare information of nearly 12 million Quest Diagnostics customers has also possibly affected another 7.7 million customers of fellow lab testing company LabCorp.
In an SEC filing, LabCorp disclosed that its vendor American Medical Collection Agency had a data breach that provided an unauthorized user access to AMCA’s system between August 1, 2018 and March 30, 2019.
The information accessible by the breach included first and last name, date of birth, address, phone, date of service, provider and balance information.
AMCA has told LabCorp that it is in the process of sending notices to the approximately 200,000 of the company’s consumers whose credit card or bank account information may have been accessed and will offer them identity protection and credit monitoring services for 24 months.
A full list of the affected customers has not been shared with LabCorp.
In response to the breach, LabCorp ceased sending new collection requests to AMCA and stopped AMCA from continuing to work on any pending collection requests involving LabCorp consumers.
“The increased dependency on third party service providers entails a level of losing control, which in turn requires organizations to ensure their core assets are built securely and constantly tested,” said Uri Barel, the Global Head of Cyber Security Practice at software testing company Qualitest.
“Incidents such as with Quest Diagnostics and LabCorp should act as a warning to every company – now more than ever, systems should be built secure by design, with a rigorous system of protection and prevention that is regularly tested in place.”
Photo: ValeryBrozhinsky, Getty Images