Posted on 06/07/2019 7:19:29 AM PDT by BenLurkin
The clinical laboratory company said in a release that an "unauthorized user" gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum360.
Quest said the information that may have been exposed included Social Security numbers and medical information, but not test results.
AMCA first notified Quest on May 14 of "potential unauthorized activity" on its payment page, Quest said. Two weeks later, according to Quest, AMCA then told Quest and Optum360 more about the breach, including the number of patients potentially affected and what information was accessed.
Quest (DGX) said it has suspended using AMCA and that it was using "forensic experts" to examine the issue.
It also said that AMCA has not provided "detailed or complete information" about the hack, including which customers might have been affected.
(Excerpt) Read more at cnn.com ...
Well thank goodness I will receive Free Credit Monitoring for a year!! And I feel great knowing that if there is a class action lawsuit over this some attorneys will make $$Millions.
“the security product of a company which obviously knows nothing about basic data security.”
Who would have guessed there would be a problem when their “Chief Security Officer” was a music major? No one could have seen it coming.
Look at the hurdles that must be cleared to opt-out.
There should be one standardized form (post card) saying do not report my credit history and do not bother me again.
As Clark Howard says, DO NOT GIVE YOUR SSN to any medical outfit. ANY. Under their medical oath, they cannot deny you treatment.
There is no such thing as FREE.
Any credit monitoring IS NOTHING MORE than your exposure to another avenue of ID theft.
“Look at the hurdles that must be cleared to opt-out.”
It’s long overdue for Congress to pass a law restricting SSN for I.R.S. use only.
ONLY. No medical, no credit, no nothing.
I have a credit freeze in place with the big 3, as well as a couple of other agencies.
Good info here => https://www.bogleheads.org/wiki/Credit_freeze
Nobody ever questioned it because they never used it ... they just wanted it.
I have epilepsy. And?
The reality is it is only used for collection actions. Offices will claim “the law requires it” to be submitted. Or “insurance requires it” or “we need it to verify you are who you say you are”. All crap.
This just proves medical records should not be on line.
It’s long overdue for Congress to pass a law restricting SSN for I.R.S. use only.
ONLY. No medical, no credit, no nothing.
Out in Pelosi country, decades ago, Jim Eason, a somewhat conservative radio talk show host, would go on a rant several times a year warning us about our SSN’s in the wrong hands. He took particular aim at the healthcare industry.
Like many ahead-of-their-time prophets, we made a lot of fun of him.
Then, we find out that minimum wage receptionists in doctor’s offices and hospital admitting offices were peddling SSN’s for their profit.
That horse left the barn long ago.
621-31-1920 (6-21-3-11-9-20)
Nobody ever questioned it because they never used it ... they just wanted it.
_____________________________________
From a retired computer programmer’s POV, the first thing I would do is strip all special characters from the string, check the count of digits remaining, and post error if not 10. So you really don’t know whether they used it or not.
I’m sorry to hear that.
Why do they design systems so that this much data can be accessed at one time by one user?
Each individual user must have limited access. Any users with superuser access must be restricted to logging on ON the premises, and with strict logging and real-time monitoring.
It’s way past time to trash the SSN as it is now. For starters, it has no check digit. Should be longer, contain letters and/or numbers, and be checked every time it’s used for internal consistency. But what would the systems designers know about that?
SSN should not be used as the universal individual citizen identifier, as it is now. It was a retirement account number! Ah, but the politicians in charge at the time knew damn well what they were doing, and knew what it would become. Luckily, they’re all dead now.
See 1974 privacy act law.