Quest Diagnostics suffered from a data breach that exposed 350,000 patients' protected health information.
Before the attacker may have acquired or exfiltrated specific patient health information, the security team discovered the intrusion two days after the ransomware was distributed.
The compromised data includes medical histories, test reports, CPT and diagnosis codes, and other data provided, as well as billing and further health data.
The Quest investigated the incident and notified those affected by email.
TPRM report: https://scoringcyber.rankiteo.com/company/quest-diagnostics
"id": "que93731122",
"linkid": "quest-diagnostics",
"type": "Ransomware",
"date": "11/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '350,000',
'industry': 'Healthcare',
'name': 'Quest Diagnostics',
'type': 'Company'}],
'attack_vector': 'Ransomware',
'data_breach': {'number_of_records_exposed': '350,000',
'type_of_data_compromised': ['medical histories',
'test reports',
'CPT and diagnosis codes',
'billing and further health '
'data']},
'description': 'Quest Diagnostics suffered from a data breach that exposed '
"350,000 patients' protected health information. The security "
'team discovered the intrusion two days after the ransomware '
'was distributed. The compromised data includes medical '
'histories, test reports, CPT and diagnosis codes, and other '
'data provided, as well as billing and further health data. '
'Quest investigated the incident and notified those affected '
'by email.',
'impact': {'data_compromised': ['medical histories',
'test reports',
'CPT and diagnosis codes',
'billing and further health data']},
'response': {'communication_strategy': 'Notified those affected by email'},
'title': 'Quest Diagnostics Data Breach',
'type': 'Data Breach'}