The personal health information of around 34,000 clients of Quest Diagnostics was put at risk following a breach, according to the New York Times.
The Madison, N.J.-based medical laboratory announced on Monday that an "unauthorized third party" had penetrated its systems on Nov. 26 and gained access to names, dates of birth, lab results and telephone numbers. Entry was gained via a mobile health app that connects patients with their lab results.
The siphoned data did not include Social Security or credit card numbers or any other insurance or financial information.
Quest said that those impacted were notified, though the company believed the purloined data had not yet been misused.Further, the company stated it had addressed the flaw in the app, MyQuest by Care360, and notified authorities. An investigation continues and the firm has engaged the services of a cybersecurity business.
"While it's not clear how this breach happened, this incident is another confirmation that hackers are actively targeting healthcare organizations," Israel Levy, CEO of BUFFERZONE, an advanced endpoint security company, informed SC Media on Tuesday in an email. "It also tells us that despite the precautions these organizations are taking in order to comply with HIPAA, it is not enough."
One of the weakest links in health care organization is the employees, he added. "They use their web browsers and email during the work day and unintentionally open the door to hackers. Healthcare organizations of all sizes must take extra precautions to protect employee endpoints or to isolate them from the network where patient information is stored."