Quest Diagnostics says nearly 12 million patients could be affected by data breach

Quest Diagnostics, one of the nation’s biggest clinical laboratories, warned that nearly 12 million patients might be affected by a data breach that happened to a collections agency the clinic uses.

American Medical Collection Agency, a billing collections service provider, said an “unauthorized user” accessed the agency’s system that contained personal information from various entities, including Quest patients, the clinic said in a statement Monday.

AMCA believes the breach included patients’ personal information, such as financial data, Social Security numbers and medical information, but not lab test results.

Quest said that AMCA notified the company about “potential unauthorized activity” on its web payment page on May 14. Then on Friday, AMCA told Quest that the information of 11.9 million patients may have been accessed.

AMCA did not provide Quest with detailed or complete information on the breach, including who may have been affected, according to Quest. The lab clinic also said that it has not been able to verify the accuracy of information provided by AMCA.

But Quest said it is taking the matter seriously and suspended sending AMCA any further collection requests.

“We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more,” Quest said in the statement.

Quest also said it is investigating the matter further and will “ensure patients are appropriately notified consistent with the law.”

This story was reported from Los Angeles.