AMCA Makes Statement on Quest Diagnostics Vendor Breach

AMCA Makes Statement on Quest Diagnostics Vendor Breach

The AMCA said they hired a third-party external forensics firm to investigate the Quest Diagnostics data breach

  • By Kaitlyn DeHaven
  • Jun 05, 2019

Following an announcement from Quest Diagnostics regarding their billing collection service provider data breach on Monday, the American Medical Collection Agency (AMCA), the billing collection service provider for Quest, said they are taking necessary measures to protect their customers’ privacy.

A spokesperson for the AMCA said that the agency is doing its best to contain the breach by taking down routes the attacker could have taken to expose the information.

The spokesperson said the AMCA “hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident.”

While Quest claims they do not have the “complete information” on which customers were affected by the breach, they will “ensure that Quest patients are appropriately notified consistent with the law.”

Stephen Breidenbach, the co-chair of the Cybersecurity, Privacy, and Technology Practice Group at New York law firm Moritt Hock & Hamroff, told The Hill that containing the breach by finding the avenue the attacker utilized to reach the information should be the AMCA’s priority.

“It's very important at this stage that AMCA contain the breach and ensure the attacker has not established a method to reenter AMCA's systems,” Breidenbach said.

He said that even though the agency believes they have found the way the attacker initially breached the system, they must make sure all other ways the attacker could potentially get in are secure.

“Just because the company found and closed the door that the attacker came through does not mean all the doors to the business (e.g., other unpatched programs) are shut,” Breidenbach said. “It also doesn’t prove that the attacker never established an alternative method of entry, such as installing his/her own software that allows the attacker to reconnect to the network independent of the vulnerability.”

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Securing the Future

    Two security experts sit down with Security Today’s editor in chief Ralph C. Jensen to discuss what they see emerging and changing over the next several years along with how security stakeholders can harness these innovations into opportunities. Read Now

  • Collaboration Made Easy Using a Work Management Platform

    Effective collaboration between security operators, teams and other departments is critical to the smooth functioning of organizations. Yet, as organizations grow in complexity, it becomes more difficult for teams to coordinate with each other. This is compounded by staffing shortages, turnover and ineffective collaboration tools. Read Now

  • Creating a Safer World

    Managing and supporting locks and door hardware within a facility is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Read Now

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

Most   Popular

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.