By CCN: A major data breach has rocked Quest Diagnostics, exposing the personal details of nearly 12 million patients in the process. The incident, which was reported in a public filing, occurred on May 14 after centralized third-party billing company American Medical Collection Agency (AMCA) informed the diagnostic testing company about "potential unauthorized activity" on a "web payment page." Quest Diagnostics has some blockchain exposure, but apparently not enough.
Among the first companies to respond was blockchain-powered ID startup Civic, suggesting its decentralized technology could put an end to data breaches.
"At Civic, we're focused on providing everyone with a digital identity that they control in the hopes that incidents like this become a thing of the past."
AMCA sent CCN the following statement:
"We are investigating a data incident involving an unauthorized user accessing the American Medical Collection Agency system. Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page...We remain committed to our system’s security, data privacy, and the protection of personal information."
Quest Diagnostics Needs More Blockchain
Technology has made it easier than ever to process payments with the click of a mobile device, but at what cost? This was not Quest Diagnostics' first hack; they reportedly suffered another data breach three years ago in which hackers gained access to the personal data of more than 30,000 users. Had they chosen to integrate Civic's technology or another blockchain-based system, they might have avoided this entire situation.
The decentralized nature of a distributed ledger allows data to be shared in a peer-to-peer manner, knocking out the need for a middle man. Given features such as transparency and immutability, the likelihood of a security breach on the blockchain is greatly reduced.
Melanie Plaza, the co-founder of blockchain company Elixir, recently told Forbes:
"[These] implementations prevent information holders from changing users' financial information, eliminating the need for a user to trust an unknown entity with their personal assets or most precious information (Equifax, cough cough)."
What Went Wrong
Based on the information provided, there were many hands in the patient data pool. While the vulnerable party appears to have been AMCA, the billing firm does business with Quest contractor Optum360, demonstrating something akin to a game of telephone with sensitive information. Now both Quest and Optum360 have enlisted the help of forensic experts to get to the bottom of things. The bad actor got ahold of the following details:
- financial data
- Social Security numbers
- Medical Information with the exception of lab results
AMCA has yet to identify the patients whose personal information was exposed. Quest revealed in a statement:
"Quest has not been able to verify the accuracy of the information received from AMCA. Quest is taking this matter very seriously and is committed to the privacy and security of our patients’ personal information. Since learning of the AMCA data security incident, we have suspended sending collection requests to AMCA."
Quest wouldn't have even needed to use AMCA in the first place if they would go all-in on blockchain technology. They are just the latest in a string of major corporations suffering the consequences of a security breach. Millions of users have had their credit card data compromised of late at companies such as "TicketMaster, British Airways, and...Newegg, according to TechCrunch.
Civic's Secure ID Platform
If Quest was a partner of blockchain startup Civic, this security breach would likely never have happened. Civic's technology gives users control of their own identity and the ability to decide the organizations that gain access to it. Through a combination of encrypted data and biometrics tech such as fingerprinting, Civic connects users directly to the other organizations such as airport security or hotel, for instance, in a peer-to-peer manner.
Blockchain tech could put third-party payment providers out of business, but as Civic suggested, it could put hackers out of business, too.
*This story has been updated to include a statement by AMCA.
Last modified (UTC): June 4, 2019 2:04 PM