[BreachExchange] Hack of Quest Diagnostics App Exposes Data of 34, 000 Patients

[Audrey McNeil]

http://www.nytimes.com/2016/12/12/us/hack-of-quest-
diagnostics-app-exposes-data-of-34000-patients.html?_r=0

A medical laboratory company based in New Jersey said Monday that it was
investigating a recent hack that exposed the personal health information of
about 34,000 people.

An “unauthorized third party” gained access to names, dates of birth, lab
results and, in some cases, telephone numbers on Nov. 26 through a mobile
health app that gives patients access to lab results and other information,
according to the company, Quest Diagnostics, which is based in Madison, N.J.

The stolen data did not include Social Security or credit card numbers or
any other insurance or financial information. All the people affected have
been notified, the company said. It also said there was no indication that
any of the information had been misused.

The company did not say whether the hack affected individuals in any
particular region of the country. The company has locations throughout the
United States.

Quest said it had taken immediate steps to address the vulnerability in its
app, which is called MyQuest by Care360, and had reported the intrusion to
law enforcement. The company said that an investigation was continuing and
that it was working with a cybersecurity business to prevent similar hacks.

Quest did not immediately respond to a phone message and email requesting
further comment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161213/4612ba42/attachment.html>