Quest Diagnostics Breached, 34,000 Records Stolen

Rob Van Buskirk
April 3, 2018
Share this post

At some point in your life, there is a very good chance that you have had blood drawn and sent to Quest Diagnostics. Quest just notified the Media that they had over 34,000 records stolen by an “unauthorized third party.” They now qualify for the HIPAA Wall of Shame.

The Law:

“As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. These breaches are now posted in a new, more accessible format that allows users to search and sort the posted breaches.”

Quest operates more than 2,200 patient service centers and touches the lives of 30% of adult Americans every year, but they have not released additional details of where the breach occurred. So now what? How do you find out if you have had your PHI stolen? You should be receiving a letter detailing the breach and next steps of action. Quest will also be required to purchase Lifelock to monitor your identity and credit reports. Lastly, if you want to know today whether you were affected, you can call 888-320-9970.

So, what will this cost Quest in fines? Take a look at the estimated cost of a data breach. These numbers are not just limited to large companies. This can happen to any Doctor.

  • HHS fines: up to $1.5 million/violation/year
  • Federal Trade Commission fines: $16,000/violation
  • Class action lawsuits: $1,000/record
  • State attorney generals: $150,000 – $6.8 million
  • Patient loss: 40%
  • Free credit monitoring for affected individuals: $10-$30/record
  • ID theft monitoring: $10-$30/record
  • Lawyer fees: $2,000+
  • Breach notification costs: $1,000+
  • Business associate changes: $5,000+
  • Technology repairs: $2,000+

This is a great call to action to make YOU the hero of your HIPAA compliance story! You need to take time to review your Breach Policy and ensure it is airtight. Also, review your last HIPAA Risk Assessment and make sure you have resolved any of your compliance issues. Once a breach has been identified, the Office of Civil Rights will want to look at your last assessment and your resolution roadmap.

Start by getting a complete HIPAA Assessment and find out where you are at risk!