Patient records numbering around 11.9 million were compromised and exposed in a data breach of an agency that collects money for Quest Diagnostics and UnitedHealth Group, according to a report by Bloomberg.
Quest revealed the information in a securities filing. It stated that the American Medical Collection Agency (AMCA), which is based in Elmsford, New York, informed Quest on May 14 about the eight-month breach. Over that period of time, a hacker was privy to credit card numbers, bank accounts, Social Security numbers, medical information and other personal data. Quest said it stopped sending requests for collections to the AMCA and was cooperating with authorities and with UnitedHealth.
Medical records are enticing targets for hackers because of all the information they contain, which can be used to commit identity theft.
The AMCA said it is investigating the incident and has taken down its payments page. It has also relocated online payments to a third party and hired security experts. UnitedHealth said its computers were not affected.
Last April, both Quest and UnitedHealth said they were part of a pilot program involving blockchain and healthcare data management. Under the terms of the pilot, blockchain was to be used with the hopes of improving data quality while reducing administrative costs focused on healthcare provider demographic data. Through insurance mandates, providers’ directories had to be updated with that demographic information, but inaccuracies and inefficiencies abound. The record trail is far-flung and often duplicative.
The firms said at the time that physicians, information service providers, managed care organizations and health systems maintain separate copies of healthcare provider information. Reconciliation offers a challenge, then, and the costs are high, as the industry spends $2.1 billion across the continuum of care in maintaining that data.