Security

Quest Diagnostics data breach puts health care security in the spotlight

Picture illustration.

Picture illustration.  (REUTERS/Pawel Kopczynski )

Quest Diagnostics joined the list of health care companies targeted by hackers this week when it announced a data breach that exposed the health information of about 34,000 people.

In a statement released Monday, the diagnostics specialist said that “an unauthorized third party” accessed a mobile app called MyQuest by Care360 on Nov. 26 this year. Data accessed included name, date of birth, lab results, and, in some instances, phone numbers, according to a Quest Diagnostics statement.

Quest Diagnostics said that Social Security numbers, credit card information, insurance and other financial information was not accessed. “There is no indication that individuals' information has been misused in any way,” it said, in its statement.

3 BIGGEST SECURITY THREATS OF 2016

The Madison, N.J.-based company said that it immediately addressed the vulnerability when it discovered the intrusion. “Quest is taking steps to prevent similar incidents from happening in the future, and is working with a leading cybersecurity firm to assist in investigating and further evaluating the company's systems,” it added. “The investigation is ongoing and the unauthorized intrusion has been reported to law enforcement.”

Quest Diagnostics provides diagnostic services to one in three adult Americans each year, as well as half of the physicians and hospitals in the U.S.

The breach is the latest in a string of high-profile cyberattacks in the health care sector. Last year, for example, health insurance giant Anthem announced a massive breach that compromised the data of 78.8 million people.

HOSPITAL PAYS NEARLY $17G IN BITCOINS TO HACKERS WHO DISABLED COMPUTER NETWORK

In February this year, a Los Angeles hospital paid nearly $17,000 in bitcoins to hackers who disabled its computer network. In August Newkirk Products, which issues ID cards for health insurance plans, announced that a server containing personal information had been breached.  

Also this year, a hacker claimed to be selling 655,000 alleged patient health care records on the dark web, containing information such as social security numbers, addresses, and insurance details. The dark web, or darknet, refers to private networks built from connections between trusted peers using unconventional protocols. Dark Web is just one part of what is known as deep web – a vast network which is not indexed by search engines such as Google and Bing.

With the Quest Diagnostics breach, health care security has been thrust into the spotlight once again, according to Israel Levy, the CEO of security company BUFFERZONE.

HACKERS TARGET UK NATIONAL LOTTERY PLAYERS

“For hackers, developing a targeted attack is a significant effort, so it's no surprise that they focus on healthcare organizations that store highly valuable patient data (significantly more valuable than credit cards on the Dark Web!),” he told FoxNews.com, via email. “[The Quest Diagnostics] breach is yet another indication that despite regulations like HIPAA, healthcare organizations still aren't doing enough to protect themselves.”

The Health Insurance Portability and Accountability Act (HIPAA) aims to ensure the privacy of medical information.

Data released earlier this year by security researcher Ponemon Institute said that breaches could be costing the health care industry $6.2 billion annually.

Follow James Rogers on Twitter @jamesjrogers