Medical laboratory giant Quest Diagnostics on Monday announced that its online patient portal had suffered a breach exposing about 34,000 individuals' records.
The Madison, N.J.-based company said it discovered the breach on Nov. 26. The intruder(s) gained access to individuals' names, dates of birth, lab results, and in some instances, telephone numbers through a web application. The company said it has notified the affected individuals, set up a toll-free number, hired a cybersecurity firm to analyze its security plan and enlisted law enforcement to investigate the incident.
Quest does not believe the patient information has been misused.
Quest introduced the patient portal available through desktop, mobile or tablet, in 2014. The company said MyQuest by Care 360 would help patients see their lab reports and allow physicians to fulfill meaningful use requirements because patients would be able to download, view or transmit their electronic health records.
Quest claims to handle diagnostic labs for about 30% of adults in the U.S. every year. It has also touted its status as the first company to offer direct patient access to lab information through free channels, including MyQuest by Care 360.
Patient records, which are considered extremely valuable on the black market, have attracted criminals in droves this year. Through the end of November, 92 breaches involving 500 or more individuals' records were reported, according to the HHS. More than 12 million individuals' records were compromised last year.
A recent survey by the American Health Lawyers Association showed an overwhelming majority of respondents indicated the healthcare industry is currently more vulnerable to hackers than other industries.