Medical Lab Quest Diagnostics says 34,000 customer accounts hacked
12/30/2016 // David Gutierrez // Views

(NaturalNews) Medical laboratory company Quest Diagnostics has announced that hackers gained access to its mobile app in later November, stealing the personal health information of 34,000 people. The company has directly contacted the patients affected.

It's no wonder that Quest Diagnostics was an alluring target for hackers. It is a Fortune 500 company that provides diagnostic services to one in three US adults every single year. Each year, it also provides services to half of the country's hospitals and physicians.

The breach took place via its mobile app, MyQuest by Care360, which allows patients to manage their appointments and view their test results. The hack gave "an unauthorized third party" access to patient names, birth dates, lab results and telephone numbers. The hacked data did not contain Social Security numbers or financial or insurance information.

Patient privacy not safe

The hack is only the latest in a surging number of cyberattacks on health care companies. In the first 11 months of this year, 92 separate health care-related data breaches were reported (not including the Quest Diagnostics breach, which was reported this month). Last year, hacks compromised records for more than 12 million patients.

"For hackers, developing a targeted attack is a significant effort, so it's no surprise that they focus on healthcare organizations that store highly valuable patient data (significantly more valuable than credit cards … )," said Israel Levy, CEO of security company BUFFERZONE. He called the Quest Diagnostics hack "yet another indication that despite regulations like HIPAA, healthcare organizations still aren't doing enough to protect themselves."


The Health Insurance Portability and Accountability Act (HIPAA) requires health care providers to guard the privacy of patients' information. Thus, records stored or transmitted on remotely accessible networks should be protected with the highest levels of digital security -- which by and large, does not seem to be happening.

In a high-profile case last year, Anthem Blue Cross Blue Shield -- the second largest insurer in the country -- suffered a data breach affecting the records of an astonishing 78.8 million people. In that case, no medical or credit card information was lost, but patients were warned that the information lost -- names, birth dates, social security numbers, employment information, email addresses and even street addresses -- was sufficient to fuel various types of identity theft and fraud. It also provided a way for scammers to contact patients, posing as representatives of Anthem, and try to gather more information.

Highly profitable targets

Evidence suggests that the hacked information sells for lucrative sums on the black market. Earlier this year, a hacker claimed to be selling a total of 655,000 patient records from three different health care organizations. The seller was asking for $100,000 to $395,000 per database.

Hackers can also find other ways to make money from the health care industry. In February of this year, Hollywood Presbyterian Medical Center paid $16,664 (40 bitcoins) in ransom to hackers who had shut down its computer network. In this type of attack, known as ransomware, hackers encrypt the victim's data and provide the decryption key only upon receiving a ransom payment.

Hospital CEO Allen Stefanek said patient care was unaffected and hospital records remained uncompromised, but that administrators had decided that "the quickest and most efficient way to restore our systems and administrative functions was to pay the ransom."

Computer security experts normally advise against paying ransom, although in some cases this is contradicted by law enforcement, said Adam Kujawa, head of malware intelligence for digital security company Malwarebytes.

"Unfortunately, a lot of companies don't tell anybody if they had fallen victim to ransomware and especially if they have paid the criminals," Kujawa said, "but I know from the experiences I hear about from various industry professionals that it's a pretty common practice to just hand over the cash."


Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Embed article link:
Reprinting this article:
Non-commercial use is permitted with credit to (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.