Quest data breach exposes private health information of 34,000 patients

Quest Diagnostics, a New Jersey-based lab services company, is investigating an online data breach that exposed the test results and other personal information of 34,000 patients.

The company announced Monday that an “unauthorized third party” hacked into the MyQuest patient portal on Nov. 26, accessing protected health information including name, date of birth, lab results and in some cases, phone numbers. The breach did not include Social Security numbers, credit card information, insurance or other financial information.

Quest said it has provided notice to patients whose accounts were affected, and that there is “no indication” that the information has been misused, according to the company.

“Due to the nature and the limited amount of information that was accessed, we believe the risk of harm to patients is low,” said Denny Moynihan, a Quest spokesman.

The company said it is taking steps to prevent similar incidents, and is working with a cybersecurity firm to assist in the investigation. The data breach was reported to law enforcement officials.

“We’re taking it seriously,” Moynihan said.

Quest provides lab services at about 2,200 patient centers across the U.S., according to the company’s website. Its services, which range from routine blood tests to genetic testing, are used by 30 percent of American adults annually.

The publicly traded company generated revenues of nearly $7.5 billion last year.

Patients with questions about the data breach can call Quest at (888) 320-9970.