toggle accessibility mode
quest diagnostics data breach

Quest Diagnostics Data Breach: Another Healthcare Hack

By John DiGiacomo

The Quest Diagnostics data breach is the most recent health care entity to be affected by security hack in 2016. In late November, Quest Diagnostic, a medical laboratory company used by countless health care entities nationwide, announced that it had recently identified itself as a victim of a data breach. According to the company, an unauthorized third party gained access to Quest Diagnostics’ computer systems and compromised patient information kept in the system by exploiting security weaknesses in an internet application called MyQuest by Care360. 

The health and personal information of more than 34,000 patients who used the MyQuest by Care360 application were exposed in the Quest Diagnostics data breach. Personal identifying information, such as  patient name, dates of birth, telephone numbers, health information, and laboratory test results, was just some of the patient information that was compromised in the data security breach. No credit card, debit card, insurance, or other financial information was exposed in the attack, nor were any patient Social Security numbers disclosed as part of the hack. The company did not specify if the hack was limited to patients in a specific geographical area, as Quest Diagnostic runs laboratory facilities all across the country.

Upon identifying the hack, Quest Diagnostics took immediate steps to contain the intrusion into their system, and began addressing the vulnerabilities in their internet application that were used by the hackers to compromised patient data. Even though there has been no indication that the exposed data has been misused in any way, victims of the Quest Diagnostics data breach are being notified and compliance with New Jersey data breach notification laws.

Why Do Hackers go After Patient Healthcare Information?

Healthcare data is a particularly attractive target for cyber hackers. Patient information obtained from a healthcare entity is not easy to change once a hack has been detected. Unlike information stolen from a bank or financial institution where new passcodes or cards can be issued to restore the security of the system, healthcare data is permanent information that does not change. Healthcare data systems are also packed with vulnerabilities because federal law required that all healthcare entities adopt electronic health records for their patients in a relatively short period of time, and many entities did not have sufficient time to implement secure and protected systems that were fully vetted for security vulnerabilities.

While a government push for more integrated healthcare is good for people overall, the push for rapid regulatory compliance has produced cybersecurity issues as a byproduct. According to Accenture, it is estimated that one out of every 13 patients will have their patient data hacked over the next five years. Furthermore, it is estimated that cyber attacks will cost healthcare systems more than 305 billion dollars over the next five years due to breaches and implementation of security systems and data protection mechanisms.  

Contact a Healthcare Cybersecurity Lawyer

Cyber Security is ever-changing area of law, especially in the healthcare context. Breaches of healthcare cybersecurity systems are occurring more frequently. When breaches happen, healthcare providers have certain obligations that they must fulfill. The data breach attorneys at Revision Legal have worked with healthcare entities to ensure compliance with breach notification laws. Contact the experienced data breach attorneys at Revision Legal as soon as you can. Contact us using the form on this page or call us at 855-473-8474.

Put Revision Legal on your side