2019-06-03 QUEST DIAGNOSTICS INC Cybersecurity Incident

Page last updated on April 11, 2024

QUEST DIAGNOSTICS INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2019-06-03 06:14:15 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2019-03-30
Detected Date: 2019-05-14
Disclosure Date: 2019-06-03
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2019-06-03

QUEST DIAGNOSTICS INC filed an 8-K at 2019-06-03 06:14:15 EDT
Accession Number: 0000947871-19-000415

Item 8.01 Other Events.

On May 14, 2019, American Medical Collection Agency (AMCA), a billing collections vendor, notified Quest Diagnostics Incorporated (“Quest Diagnostics”) and Optum360 LLC, Quest Diagnostics’ revenue cycle management provider, of potential unauthorized activity on AMCA’s web payment page. Quest Diagnostics and Optum360 promptly sought information from AMCA about the incident, including what, if any, information was subject to unauthorized access.

Although Quest Diagnostics and Optum360 have not yet received detailed or complete information from AMCA about the incident, AMCA has informed Quest Diagnostics and Optum360 that:

· between August 1, 2018 and March 30, 2019 an unauthorized user had access to AMCA’s system that contained information that AMCA had received from various entities, including Quest Diagnostics, and information that AMCA collected itself;

· the information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers);

· as of May 31, 2019, AMCA believes that the number of Quest Diagnostics patients whose information was contained on AMCA’s affected system was approximately 11.9 million people; and

· AMCA has been in contact with law enforcement regarding the incident.

Quest Diagnostics has not been able to verify the accuracy of the information received from AMCA.

Quest Diagnostics’ laboratory test results were not provided to AMCA and were therefore not impacted by this incident.

In response to this incident, Quest Diagnostics has:

· suspended sending collection requests to AMCA;

· provided notifications to affected health plans and will ensure that notification is provided to regulators and others as required by federal and state law; and

· been working and will continue to work diligently, along with Optum360, AMCA and outside security experts, to investigate the AMCA data security incident and its potential impact on Quest Diagnostics and its patients.

Quest Diagnostics has insurance coverage in place for certain potential liabilities and costs relating to the incident; this insurance is limited in amount and subject to a deductible.

Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information.

Company Information

SIC DescriptionServices-Medical Laboratories
TickerDGX - NYSE
CategoryLarge accelerated filer
Fiscal Year EndDecember 30