AMCA Makes Statement on Quest Diagnostics Vendor Breach

AMCA Makes Statement on Quest Diagnostics Vendor Breach

The AMCA said they hired a third-party external forensics firm to investigate the Quest Diagnostics data breach

Following an announcement from Quest Diagnostics regarding their billing collection service provider data breach on Monday, the American Medical Collection Agency (AMCA), the billing collection service provider for Quest, said they are taking necessary measures to protect their customers’ privacy.

A spokesperson for the AMCA said that the agency is doing its best to contain the breach by taking down routes the attacker could have taken to expose the information.

The spokesperson said the AMCA “hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security. We have also advised law enforcement of this incident.”

While Quest claims they do not have the “complete information” on which customers were affected by the breach, they will “ensure that Quest patients are appropriately notified consistent with the law.”

Stephen Breidenbach, the co-chair of the Cybersecurity, Privacy, and Technology Practice Group at New York law firm Moritt Hock & Hamroff, told The Hill that containing the breach by finding the avenue the attacker utilized to reach the information should be the AMCA’s priority.

“It's very important at this stage that AMCA contain the breach and ensure the attacker has not established a method to reenter AMCA's systems,” Breidenbach said.

He said that even though the agency believes they have found the way the attacker initially breached the system, they must make sure all other ways the attacker could potentially get in are secure.

“Just because the company found and closed the door that the attacker came through does not mean all the doors to the business (e.g., other unpatched programs) are shut,” Breidenbach said. “It also doesn’t prove that the attacker never established an alternative method of entry, such as installing his/her own software that allows the attacker to reconnect to the network independent of the vulnerability.”

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3