Security Experts Weigh in on Quest Diagnostics Vendor Breach -- Security Today

Security Experts Weigh in on Quest Diagnostics Vendor Breach

Quest Diagnostics has warned its 12 million customers that their personal, financial and medical data may have been exposed.

By Sydny Shepard
Jun 04, 2019

Quest Diagnostics, one of the biggest blood testing providers in the country, has warned its 12 million customers that they may have had their personal, financial and medical information breached due to an issue with one of its vendors.

Quest said it was notified that between Aug. 1, 2018 and March 30, 2019, someone had unauthorized access to the systems of AMCA, a billing collections vendor, according to Wendy Bost, a spokesperson for Quest.

Security experts are weighing in on the additional security risks a company takes on when partnering with outside vendors.

“Once again, a breach that results from third party vulnerabilities,” Colin Bastable, CEO of Lucy Security said. “Outsourcing billing to third party vendors is a great way to extract efficiencies by reducing core costs, but it exposes the business and its customers to uncontrollable security risks. The fragmented healthcare industry, like the fragmented home finance and buying industry, is vulnerable because there are so many moving parts, so many areas where bad actors have multiple points of entry to exploit inadequate security.”

According to Pankaj Parekh, chief product and strategy officer at SecurityFirst, it is not enough to protect just your company’s data, you must also understand the risk associated with sharing that data to third parties.

“Enterprises like Quest Diagnostics must carefully assess the security practices of their vendors to make sure that customer data is secured,” Parekh said. “This is a lot more work for already stretched security and IT teams.”

Laurence Pitt, security strategy director at Juniper Networks, stressed that you cannot outside security responsibility.

“Although there’s no evidence in weakness of the security that Quest Diagnostics are using, this was a breach through a vendor in their supply chain and shows that however good your security strategy is, it can only ever be as good as the weakest link in the chain – and that could easily be a third party,” Pitt said. “It’s essential to evaluate security for every link in the supply chain, and data-protection regulations enforce this.”

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

National Monitoring Center Secures Updated TMA Installation Quality (IQ) Certification
04/24/2024
PSA TEC 2024 Runs May 13-17 in Dallas
04/24/2024
Hanwha Vision Announces Support for Genetec Security Center SaaS Unified Solution
04/24/2024
ISC West 2024 Welcomed More Than 29,000 Attendees
04/17/2024
Evolon Introduces AI-Powered Video Monitoring Service 
04/17/2024
Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution
04/15/2024
Allegion US Features Interoperability, Mobile Credentials and More at ISC West
04/10/2024
Altronix Showcases Products to Protect Critical Infrastructure at ISC West
04/10/2024

Featured

Perimeter Security Standards for Multi-Site Businesses

When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now
New Research Shows a Continuing Increase in Ransomware Victims

GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now
- Cybersecurity
OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now
- Cybersecurity
Getting in Someone’s Face

There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now
- Industry Events
- ISC West

Webinars

Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Eagle Eye Networks Inc, Evolv Technology, Arcules, ZeroEyes

Shooter Detection: The First Line of Defense
Hanwha Vision (formerly Hanwha Techwin), Salient Systems, Arcules

Embracing AI-driven Access Control
HID Global

Unlock the Potential: Why Make the Shift to Mobile Credentials

Whitepapers

Genetec

How to Modernize Your Existing Security Systems Using Hybrid-Cloud
Eagle Eye Networks Inc

Are you ready for an on-site emergency? A practical checklist
Winsted Corporation

Top Considerations Designing an Ergonomic Control Room

New Products

PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3
Mobile Safe Shield

SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3
Connect ONE®

Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

Security Experts Weigh in on Quest Diagnostics Vendor Breach

National Monitoring Center Secures Updated TMA Installation Quality (IQ) Certification

PSA TEC 2024 Runs May 13-17 in Dallas

Hanwha Vision Announces Support for Genetec Security Center SaaS Unified Solution

ISC West 2024 Welcomed More Than 29,000 Attendees

Evolon Introduces AI-Powered Video Monitoring Service

Resideo to Acquire Snap One to Expand Presence in Smart Living Products and Distribution

Allegion US Features Interoperability, Mobile Credentials and More at ISC West