(WXYZ) — Quest Diagnostics says nearly 12 million people could have been affected by a data breach that includes their personal information, certain financial data, Social Security numbers and medical information.
According to the company, American Medical Collection Agency informed Quset that an unauthorized user had access to AMCA's system containing personal information they received from various entities, including Quest.
AMCA provides billing collection services to Optum360, which is a Quest contractor.
According to Quest, AMCA first notified them on May 14 of potential unauthorized activity on the AMCA web payment page, and on May 31, they notified them that the data included information on about 11.9 million Quest patients.
AMCA has not yet given detailed or complete information about the data breach to Quest or Optum360, the company said, including which information of which individuals may have been affected. Quest has not also been able to verify the accuracy of information received from AMCA, they said.
"Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA," the company said.
Chris Burrows is the senior vice president of Security Solutions for CBI, a Detroit-based company specializing in cyber security.
"It happens all the time now," Burrows said. "Just about every single day you hear about a breach."
He adds that hackers use the personal information to make money for themselves.
“It was posted for sale on the dark web,” Burrows explained. “Actively there are websites out there that have batches of data for sale and it’s relatively cheap, $1 or less per record.”
If you are concerned, Burrows says keep a close eye on your credit card activity and your credit report. You can also ask your bank to set up fraud alerts. If you aren’t planning to buy a home or car anytime soon, consider freezing your credit so no one can open new accounts in your name.
Burrows says it may be difficult to hold companies accountable for data breaches because its hard to prove they are responsible. According to him, the best defense is to constantly be on the lookout for identity theft.
"It’s up to you," he said. "I mean, look at all the different breaches that happened so far.”