Major medical laboratory operator Quest Diagnostics Inc. has acknowledged a data breach in which one of its web applications was hacked, exposing the protected health information (PHI) of some 34,000 individuals.
According to a statement on its website, Quest said that it is “investigating an unauthorized third-party intrusion into an internet application on its network.” The company provided notice to individuals whose accounts have been affected.
Specifically, on Nov. 26, an unauthorized third party accessed the MyQuest by Care360 internet application and obtained the PHI of some 34,000 individuals. The accessed data included name, date of birth, lab results, and in some instances, telephone numbers. The information did not include Social Security numbers, credit card information, insurance or other financial information. There is no indication that individuals' information has been misused in any way, Quest said.
Quest added that it is taking steps to prevent similar incidents from happening in the future, and is teaming up with a “leading cybersecurity firm to assist in investigating and further evaluating the company's systems. The investigation is ongoing and the unauthorized intrusion has been reported to law enforcement,” the statement said.
