Quest Diagnostics Data Breach: Another Healthcare Hack featured image

Quest Diagnostics Data Breach: Another Healthcare Hack

by John DiGiacomo

Partner

Data Breach

The Quest Diagnostics data breach is the most recent health care entity to be affected by security hack in 2016. In late November, Quest Diagnostic, a medical laboratory company used by countless health care entities nationwide, announced that it had recently identified itself as a victim of a data breach. According to the company, an unauthorized third party gained access to Quest Diagnostics’ computer systems and compromised patient information kept in the system by exploiting security weaknesses in an internet application called MyQuest by Care360. 

The health and personal information of more than 34,000 patients who used the MyQuest by Care360 application were exposed in the Quest Diagnostics data breach. Personal identifying information, such as  patient name, dates of birth, telephone numbers, health information, and laboratory test results, was just some of the patient information that was compromised in the data security breach. No credit card, debit card, insurance, or other financial information was exposed in the attack, nor were any patient Social Security numbers disclosed as part of the hack. The company did not specify if the hack was limited to patients in a specific geographical area, as Quest Diagnostic runs laboratory facilities all across the country.

Upon identifying the hack, Quest Diagnostics took immediate steps to contain the intrusion into their system, and began addressing the vulnerabilities in their internet application that were used by the hackers to compromised patient data. Even though there has been no indication that the exposed data has been misused in any way, victims of the Quest Diagnostics data breach are being notified and compliance with New Jersey data breach notification laws.

Why Do Hackers go After Patient Healthcare Information?

Healthcare data is a particularly attractive target for cyber hackers. Patient information obtained from a healthcare entity is not easy to change once a hack has been detected. Unlike information stolen from a bank or financial institution where new passcodes or cards can be issued to restore the security of the system, healthcare data is permanent information that does not change. Healthcare data systems are also packed with vulnerabilities because federal law required that all healthcare entities adopt electronic health records for their patients in a relatively short period of time, and many entities did not have sufficient time to implement secure and protected systems that were fully vetted for security vulnerabilities.

While a government push for more integrated healthcare is good for people overall, the push for rapid regulatory compliance has produced cybersecurity issues as a byproduct. According to Accenture, it is estimated that one out of every 13 patients will have their patient data hacked over the next five years. Furthermore, it is estimated that cyber attacks will cost healthcare systems more than 305 billion dollars over the next five years due to breaches and implementation of security systems and data protection mechanisms.  

Contact a Healthcare Cybersecurity Lawyer

Cyber Security is ever-changing area of law, especially in the healthcare context. Breaches of healthcare cybersecurity systems are occurring more frequently. When breaches happen, healthcare providers have certain obligations that they must fulfill. The data breach attorneys at Revision Legal have worked with healthcare entities to ensure compliance with breach notification laws. Contact the experienced data breach attorneys at Revision Legal as soon as you can. Contact us using the form on this page or call us at 855-473-8474.

Extra, Extra!
Recent Posts

FTC Adopts Final “Click to Cancel Rule”

FTC Adopts Final “Click to Cancel Rule”

Internet Law

The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]

Read more about FTC Adopts Final “Click to Cancel Rule”

Understanding Product Liability Law for Ecommerce Merchants

Understanding Product Liability Law for Ecommerce Merchants

Internet Law

Introduction Being an ecommerce merchant is hard; you have to keep an eye on your advertising spend, control your inventory, and make sure your customers are happy. Additionally, you also have to navigate a complex landscape of legal responsibilities. One of these areas, which is often overlooked, is product liability. Product liability law holds manufacturers, […]

Read more about Understanding Product Liability Law for Ecommerce Merchants

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Internet Law

Introduction In our increasingly digital world, the significance of internet privacy is paramount. Internet privacy attorneys are essential in safeguarding the rights of individuals and organizations against various privacy-related challenges. This blog post delves into the key issues these attorneys address. Data Breaches and Cybersecurity Data breaches occur when sensitive information is accessed or disclosed […]

Read more about Understanding the Role of Internet Privacy Attorneys: Key Issues They Handle

Put Revision Legal on your side