Senators are pressing the CEO of Quest Diagnostics (DGX) for an explanation, following a data breach that potentially put millions of patients’ records at risk.
Last week, the company advised that an “unauthorized user” may have gained access to the personal information of up to 11.9 million patients.
According to Quest, access was gained through a breach at its billing collection service, American Medical Collection Agency (AMCA). The agency believes the information included financial data, Social Security numbers and medical information, but not lab test results.
Senators Bob Menendez (D-NJ) and Cory Booker (D-NJ) have written Quest’s CEO Stephen Rusckowski to ask how the breach occurred and what the company plans to do about it. The senators said in the letter:
As the nation’s largest blood testing provider, this data breach places the information of millions of patients at risk. The months-long leak leaves sensitive personal information vulnerable in the hands of criminal enterprises,
Another letter, from Sen. Mark Warner (D-VA) requested answers within the next two weeks. Warner wrote:
I am concerned about your supply chain management, and your third-party selection and monitoring process. According to a recent report, 20% of data breaches in the health care sector last year were traced to third-party vendors, and an estimated 56% of provider organizations have experienced a third-party breach,
Late last Wednesday afternoon, Menendez and Booker sent a separate letter to the LabCorp Senior Vice President and Global General Counsel, Sandra D. van der Vaart. The letter said:
This isn’t the first time LabCorp has come under scrutiny due to information security concerns,” the senators wrote. “In light of LabCorp’s history of information security challenges, the company has both the knowledge and responsibility to heighten information security standards and processes to better protect the patients it serves.
According to a story published by Yahoo (Finance), Menenedez has introduced legislation with the goal of cracking down on data breaches and protecting consumers’ personal information.
“It’s critical because at the end of the day, we’re talking about consumers — through no fault of their own — potentially face irreparable harm to their credit reports, to their financial futures. They confront the real possibility that their medical information and history has been exposed and how that can be used and manipulated,” said Menendez.
Next week, the Senate Banking Committee will hold a privacy hearing focusing on data brokers – companies that aggregate and sell consumer information.
Menendez, a member of the committee, plans to bring up the recent data breaches and the impact on consumers.