Quest Diagnostics Data Breach: Another Healthcare Hack featured image

Quest Diagnostics Data Breach: Another Healthcare Hack

by John DiGiacomo

Partner

Data Breach

The Quest Diagnostics data breach is the most recent health care entity to be affected by security hack in 2016. In late November, Quest Diagnostic, a medical laboratory company used by countless health care entities nationwide, announced that it had recently identified itself as a victim of a data breach. According to the company, an unauthorized third party gained access to Quest Diagnostics’ computer systems and compromised patient information kept in the system by exploiting security weaknesses in an internet application called MyQuest by Care360. 

The health and personal information of more than 34,000 patients who used the MyQuest by Care360 application were exposed in the Quest Diagnostics data breach. Personal identifying information, such as  patient name, dates of birth, telephone numbers, health information, and laboratory test results, was just some of the patient information that was compromised in the data security breach. No credit card, debit card, insurance, or other financial information was exposed in the attack, nor were any patient Social Security numbers disclosed as part of the hack. The company did not specify if the hack was limited to patients in a specific geographical area, as Quest Diagnostic runs laboratory facilities all across the country.

Upon identifying the hack, Quest Diagnostics took immediate steps to contain the intrusion into their system, and began addressing the vulnerabilities in their internet application that were used by the hackers to compromised patient data. Even though there has been no indication that the exposed data has been misused in any way, victims of the Quest Diagnostics data breach are being notified and compliance with New Jersey data breach notification laws.

Why Do Hackers go After Patient Healthcare Information?

Healthcare data is a particularly attractive target for cyber hackers. Patient information obtained from a healthcare entity is not easy to change once a hack has been detected. Unlike information stolen from a bank or financial institution where new passcodes or cards can be issued to restore the security of the system, healthcare data is permanent information that does not change. Healthcare data systems are also packed with vulnerabilities because federal law required that all healthcare entities adopt electronic health records for their patients in a relatively short period of time, and many entities did not have sufficient time to implement secure and protected systems that were fully vetted for security vulnerabilities.

While a government push for more integrated healthcare is good for people overall, the push for rapid regulatory compliance has produced cybersecurity issues as a byproduct. According to Accenture, it is estimated that one out of every 13 patients will have their patient data hacked over the next five years. Furthermore, it is estimated that cyber attacks will cost healthcare systems more than 305 billion dollars over the next five years due to breaches and implementation of security systems and data protection mechanisms.  

Contact a Healthcare Cybersecurity Lawyer

Cyber Security is ever-changing area of law, especially in the healthcare context. Breaches of healthcare cybersecurity systems are occurring more frequently. When breaches happen, healthcare providers have certain obligations that they must fulfill. The data breach attorneys at Revision Legal have worked with healthcare entities to ensure compliance with breach notification laws. Contact the experienced data breach attorneys at Revision Legal as soon as you can. Contact us using the form on this page or call us at 855-473-8474.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side

Let's Discuss Your Case