Medical lab Quest Diagnostics exposed names, dates of birth, lab results and telephone numbers of 34,000 patients after a third party gained unauthorized access to its network through a vulnerable mobile application.
MyQuest by Care360® is a free mobile app that allows users to access lab results directly on their mobile phones and schedule reminders for medication. To date, it has been downloaded more than 100,000 times from the Google Play store.
The stolen data did not include Social Security or credit card numbers or any other insurance or financial information, the company said in a statement.
The intrusion purportedly took place on Saturday, November 26.
Quest notified all affected customers and said it is working with a cyber-security firm to assist in the investigation and further evaluate the company’s systems.
Why do cyber-criminals want healthcare records?
Medical records are the new currency. On black markets, they are 10 times more expensive than credit card numbers, according to Experian. That’s partially because stolen data often includes Social Security numbers that can be used in identity theft.
Thieves can also use this data to get other personal information about the victims, apply for new credit cards and make fraudulent purchases on their behalf. Also, once an attacker gets access to someone’s sensitive medical history, he can threaten the patient with public shaming. Attackers can also use this data to create fake IDs to buy medical equipment or drugs, or they can combine the data to fabricate complaints to insurers.
Data and financial losses are not the worst that can happen. Once inside a hospital’s network, attackers can interfere with patient care to wreak havoc and even put lives at risk. They could mix up blood samples or drugs, disrupt patient monitors or disable equipment to cause serious injury.
That’s why designing health apps with security in mind is vital for users’ peace of mind.