AARP Hearing Center
Updated to include information on Labcorp data breach.
An expert in data breaches, Eva Velasquez had a sinking feeling when she learned Monday of a new breach said to have affected 11.9 million patients served by Quest Diagnostics, one of the nation's largest medical testing firms.
Velasquez, 48, is president and CEO of the nonprofit Identity Theft Resource Center in San Diego.
Since she's had her blood drawn and tested by Quest in the past couple of years, “I'm sure I'm going to be personally affected by this breach,” Velasquez says.
Her mantra: “Don't panic, react.” That is, take proactive steps to guard personally identifiable information.
- Because Social Security numbers are believed to have been compromised in the Quest breach, put a freeze on your credit report at each of the major credit reporting agencies: Experian, Equifax and TransUnion.
- "It's a robust, proactive consumer-protection step … and it's free,” Velasquez says.
- If you paid for a service from Quest and know how you paid, whether by credit card or using a bank account, monitor that account closely.
- If you have a log-on for a Quest account to pay your bill or make an appointment, change your username and create a unique password you haven't used before.
Quest Diagnostics, based in Secaucus, N.J., said the breach does not include lab test results but is believed to include financial data, Social Security numbers and medical information.
The firm said the data breach occurred at one of its billing collections service providers, the American Medical Collection Agency.
Quest said that it has not received “detailed or complete information” from the agency about the incident, including which individuals may have been affected.
But since learning of the data breach, Quest said it has stopped sending collection requests to the agency.
"Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information,” the company said in a news release.
The billing agency first notified Quest on May 14 of potential unauthorized activity on its own web payment page and did not indicate until May 31 that nearly 12 million Quest customers may have been hit.
Quest calls itself one of the world's leading providers of diagnostic information services and says that each year it serves 1 in 3 adults in the U.S. and half the country's physicians and hospitals.