Quest breach stirs fraud fears
Medical, financial data of up to 12 million at risk
Florian Wehrli is “99% sure” that someone has stolen his family’s medical records and financial information.
Wehrli’s wife, Noverly, was diagnosed with non-small-cell lung cancer in January 2014. Since then, the family has made several visits to the Quest Diagnostics medical laboratory in Newton, New Jersey, for a wide range of medical tests – including blood tests, MRI scans, CT scans and more.
Monday, the diagnostic testing provider confirmed in a filing with securities regulators that up to 12 million patients may be affected by a data breach at the American Medical Collection Agency.
The AMCA was also the third party responsible for a LabCorp data breach affecting 7.7 million customers, the testing company said Tuesday.
Apart from personal medical information, the company reported that the affected patients’ Social Security numbers and financial data were breached as well, leaving patients susceptible to financial fraud.
“I get insurance from work,” said Wehrli, who lives in northern New Jersey but works as a chef in New York City. “But if I were to quit there, I’d have to get my own insurance. If someone knows that my wife is taking tests like this, for health insurance or anything, would we be denied?”
According to Neal O’Farrell, executive director of the nonprofit Identity Theft Council in California, the Quest breach leaves affected patients very vulnerable to hackers.
The scope of the Quest breach pales in comparison to other recent data breaches.
In the case of the Anthem data breach of 2014, hackers infiltrated the health insurance company’s servers to
“As both a consumer and a patient, my biggest fear is my medical history making it into the hands of the bad guys.” Neal O’Farrell Identity Theft Council
access Social Security numbers, addresses and other financial information from nearly 80 million people.
A breach last year at Equifax, one of the nation’s foremost credit reporting companies, compromised the financial information of approximately 143 million Americans.
This time, hackers stole personal medical information, which O’Farrell said is even more valuable.
“As both a consumer and a patient, my biggest fear is my medical history making it into the hands of the bad guys,” O’Farrell said. “With my medical records, it becomes much different.”
O’Farrell said hackers could use sensitive medical data to come after consumers with more nuanced phishing attacks. Phishing is the fraudulent method by which hackers pose as a credible source – usually a person or company – in an attempt to convince internet users to give them valuable, personal information.
O’Farrell encouraged people who may have been affected in the Quest breach to be extra vigilant when using the internet.