Quest Diagnostics, a New Jersey-based diagnostic testing company, announced today that on Nov. 26, its web app was hacked.
An unauthorized third party hacked into its MyQuest by Care360 internet application and accessed the data of more than 34,000 patients, Quest Diagnostics said. According to the release, the information accessed includes patients’ name, date of birth, lab results, and some telephone numbers. It did not include Social Security number data, financial information such as credit card numbers, or insurance information. And at this point, there isn’t evidence that the data has been misused.
Since the incident, Quest Diagnostics has started working with “a leading cybersecurity firm” to address vulnerabilities in its site, and ensure future data breaches don’t happen.
The health care industry seems to be at the center of a hacking epidemic: Earlier this year, it was suffering from an average of four data breaches per week, according to stats from the U.S. Department of Health and Human Services, and in 2015, it was the second most-hacked sector, behind the business sector. Just this June, a hacker tried to sell more than 655,000 patient records from three hacked healthcare organizations. In that case, the information included data that could be used for identity theft or fraud, including patients’ full names, Social Security numbers, dates of birth, and addresses.
Unlike hacking a financial institution, where safeguards are in place to quickly change victim’s credentials (such as their account password) or shut down access to an account once fraudulent activity is detected, the healthcare industry contains a wealth of information that can be used by criminals for years. More than 155 million Americans have had their healthcare data exposed since 2009.
In today’s case, Quest Diagnostics has already reached out to individuals whose data was compromised in the breach, but if you’re unsure, have questions, or want more information, you can call Quest’s toll-free line at (888) 320-9970.
H/T New York Times