A hack at Quest Diagnostics, a lab services company, exposed medical test results and personal information for 34,000 patients in the United States.
The breach occurred on Nov. 26, according to a statement from the New Jersey-based firm. Lab results, names, dates of birth, and some phone numbers were exposed but Social Security numbers and financial information was not, they said.
The company says they’ve notified the impacted individuals.
There is no evidence at this point that the stolen data has been used at this point. It’s been less than a month since the theft, however, so that’s little reason to believe it won’t be misused in the future.
“Due to the nature and the limited amount of information that was accessed, we believe the risk of harm to patients is low,” Denny Moynihan, a Quest spokesman, told the Chicago Tribune.
The hacker accessed the MyQuest by Care360 internet application and obtained Protected Health Information (PHI) through a vulnerability that hasn’t been specified by Quest but that has been, they claim, addressed.
“Quest is taking steps to prevent similar incidents from happening in the future, and is working with a leading cybersecurity firm to assist in investigating and further evaluating the company’s systems,” according to the company. “The investigation is ongoing and the unauthorized intrusion has been reported to law enforcement.”