Newsroom

A web payment system used by one of Quest Diagnostics' billing collections firms was breached between August 2018 and March 2019, exposing sensitive information of as many as 11.9 million patients. Patients' financial information – including credit card numbers and bank account details – Social Security numbers and medical information were likely accessed.

According to a release, Quest was notified of the breach May 14 by American Medical Collection Agency. The breach is under further investigation, though Quest said it did not affect laboratory results.

Quest is directing those concerned about the breach to its customer service hotline (866-MY-QUEST).

NAFCU – a leader in calling for a national data security standard – has advocated for safeguards to ensure negligent entities are held accountable for data exposures, consumers have control over their data and are notified of breaches in a timely manner. The association believes that all entities – not just financial institutions – that handle consumer information must comply with comprehensive federal data protection standards.

The association has long been active with lawmakers on the issue of data security and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.