Quest Diagnostics and LabCorp Privacy Incident

United Medical Resources (UMR), a UnitedHealthcare (UHC) company, recently notified NRECA of a privacy incident involving Quest Diagnostics that affected certain Quest Diagnostics clients from August 2018 to March 2019. Additionally, LabCorp announced that certain of its clients were affected by the same privacy incident. While at different times during the same period, Quest Diagnostics and LabCorp participated in UMR’s UHC Choice Plus PPO network.

As of June 6, 2019, UMR reported to NRECA that its systems were not affected and the incident did not involve the health plan data of UHC participants, including those in the NRECA Medical Plan.

In both cases, American Medical Collections Agency (AMCA), a third party collections vendor that provided service to Quest Diagnostics and LabCorp, was the victim of a malware attack, resulting in the potential exposure of protected health information (PHI), but not patient lab results. Quest has stopped placing new accounts with AMCA.

Some individuals with delinquent balances due directly to Quest Diagnostics or LabCorp from August 2018 to March 2019 may have been affected and may have received a notification letter from AMCA with information about the breach.

Quest and LabCorp are still working closely with AMCA to determine facts and ascertain impact. Both organizations are stating that the issue only affects their patients who were delinquent in paying for lab services and were subsequently turned over to AMCA for collections.

Quest and LabCorp patients who think they may have been impacted can reach out to Quest at 866.MYQUEST (697.8378) or LabCorp at 888.295.0466 for more information.