December 14, 2016
Quest Diagnostics Inc. announced Monday that it is investigating an unauthorized third-party intrusion into an internet application on its network that exposed the Protected Health Information (PHI) of about 34,000 people.
The hack took place on November 26 through the MyQuest by Care internet application. In a news release, the lab services company said it notified the affected individuals via mail, and there is no indication that their information has been misused. The accessed data included name, date of birth, lab results, and in some instances, telephone numbers. The information did not include Social Security numbers, credit card information, insurance or other financial information.
What Quest is doing
According to the announcement, Quest is taking steps to prevent similar incidents in the future and is working with a leading cybersecurity firm to investigate and further evaluate the company’s systems. The investigation is ongoing, and the unauthorized intrusion has been reported to law enforcement.
While it is not yet known how the breach occurred or how extensive the damage will be, there is no doubt that it will be a costly process for the company. One news source reported that following the announcement, the company’s stock fell slightly in extended trading.
What you can do
Consider this a wake-up call for your organization. Look over the checklist for protecting data that we shared in a blog post on August 11 about another large breach. Don’t fall victim by assuming you are protected; consider having audits performed to ensure your systems are configured properly.
Let PrivaPlan help. For more information or other services PrivaPlan provides, contact our HIPAA experts at email@example.com or call 877-218-7707.