DATA BREACH FALLOUT
Democratic Sens. Bob Menendez (N.J.) and Cory Booker (N.J.) want answers from blood-testing company Quest Diagnostics following a recent data breach that exposed the personal information of an estimated 12 million patients, as another firm revealed that it also had medical data exposed by the incident.
The breach involved an unauthorized user gaining access to the American Medical Collection Agency (AMCA), a billing provider for Quest, potentially compromising Social Security numbers, financial information and personal medical data.
In a Wednesday letter sent to New Jersey-based Quest, the two senators sought details about how the breach occurred and what steps are being taken in response. They specifically took issue with news reports saying it took seven months for the company to publicly disclose the hack.
“As the nation’s largest blood testing provider, this data breach places the information of millions of patients at risk,” Menendez and Booker wrote. “The months-long leak leaves sensitive personal information vulnerable in the hands of criminal enterprises. Moreover, such breaches force victims to contend with identity theft that may lead to irreparable harm to their credit reports and financial futures, and to confront the real possibility that their confidential medical information and history has been exposed.”
The senators said they want to ensure that companies with access to patient data understand how to protect that information. They gave Quest until June 14 to respond to their questions about the timeline of the breach and how the company previously protected its systems.
Sen. Mark Warner (D-Va.) separately wrote a letter to Quest on Wednesday also demanding answers about the data breach, and criticized the company for failing to protect its patients’ personal information.
The letter was sent on the heels of a disclosure that another blood testing company, LabCorp, was also impacted by the AMCA data breach.
In a Tuesday filing to the Securities and Exchange Commission, LabCorp reported that the personal information of 7.7 million of its customers was exposed to the same unauthorized user. LabCorp said it was informed by AMCA that the data were exposed between August 2018 and March of this year.