Quest Diagnostics Says Personal Health Information of 34,000 Customers Hacked

Quest Diagnostics has said in a statement that a hack of an internet application on its network has exposed the personal health information of nearly 34,000 people. "Quest Diagnostics has notified affected individuals via mail and established a dedicated toll-free number to call with questions regarding this incident," the company said. CBS News reports: The Madison, New Jersey-based company says âoean unauthorized third partyâ on Nov. 26 gained access to customer information including names, dates of birth, lab results and in some instances, telephone numbers. The stolen data did not include Social Security numbers, credit card accounts, insurance details or any other financial information. Quest said Monday it is working with a cybersecurity firm and law enforcement to investigate the breach, while taking steps to prevent similar incidents from recurring. If you think you're affected by this hack, you can call (888) 320-9970.

Quest Care360

[Mr+Foobar]

It seems a lot of the posters here really didn't read the article, and/or have no idea just exactly what got hacked.

Disclosure: I work with their major competitor. We have an online app almost exactly like Quest's, as do many of our competitors. Most of these online apps have about the same functionality, more or less, and work very similarly.

Care360 is Quest's online results delivery online app. The app itself belongs to Quest, and is run on hardware they own/lease. Provider offices ask for access to this app to receive their patient results. Typically this access is very restricted and narrow. The provider office only see the results they need to see. Some offices only see a couple new results a day (if any), other offices may see hundreds, even thousands of new results a day. An optional piece of software is an autoprint utility, which allows the office to get results automatically printed to some office printer, or even as PDF files on a receiving computer. Even another option is to have the results automatically received into the office management system with an electronic data interface.

Another part of these systems allows the client to make a test requisition that can either be given to the patient, put into a system that the blood draw centers can receive, or go along with the specimens the office draws themselves. This is what I think got hacked. This requisition making system has all the patient demographics needed to process and bill the patient's lab work, including their address info, responsible party info, and insurance subscriber info including any needed billing info. It is everything the lab needs to know to bill, and in most cases also includes diagnosis codes. It is quite a lot of info for each patient, and has to be current for a successful billing.

Re:Stop skimping on healthcare IT

[ArmoredDragon]

You don't work in healthcare do you?
What the MD says is what you do. Unless you are willing to back it up with a thesis, which gets tiring.
Sure there may be some management that can make some decisions but those are only ones that don't directly affect the MDs

I do work in healthcare, and no, MDs don't tell us (IT) how to run day to day stuff. They will ask us to support certain applications, but they leave it up to us for how we implement them, secure them, etc.