Quest Diagnostics, one of the biggest blood testing providers in the country, warned Monday that nearly 12 million of its customers may have had personal, financial and medical information breached due to an issue with one of its vendors.
In a filing with securities regulators, Quest said it was notified that between Aug. 1, 2018, and March 30, 2019, that someone had unauthorized access to the systems of AMCA, a billing collections vendor.
"(The) information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers)," Quest said in the filing.
While customers' broad medical information might have been compromised, Quest said AMCA did not have access to actual lab test results, and so therefore that data was not impacted.
Quest said it was told that as of May 31, information on roughly 11.9 million of its patients was stored on the affected AMCA system.
The company said it has not received "detailed or complete" information from AMCA about the breach yet.
"Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information," the company added in the filing.