Cyber Incident Victim: Quest Diagnostics

On November 26, 2016, an unauthorized third party breached a mobile health application operated by Quest Diagnostics, a medical laboratory company headquartered in Madison, New Jersey. The intrusion exposed personal health information belonging to approximately 34,000 individuals. Compromised data included patient names, dates of birth, laboratory test results, and telephone numbers in certain cases. The breach specifically occurred through the app’s infrastructure, which provided patients with digital access to lab results and related medical information. Notably, the incident did not involve the theft of Social Security numbers, credit card details, insurance information, or financial records. Quest Diagnostics publicly disclosed the breach on December 12, 2016, confirming an ongoing investigation into the incident’s circumstances and extent.

The company initiated direct notifications to all 34,000 affected individuals following internal verification of the breach’s scope. Quest Diagnostics emphasized in its statement that forensic reviews found no evidence suggesting misuse of the exposed health data. While the attacker’s identity, intrusion methodology, and detection timeline remained undisclosed, the organization confirmed the breach was confined to the mobile application system. No additional systems or databases were reported as compromised. The incident marked a significant exposure of protected health information through a patient-facing digital platform, though financial fraud risks were mitigated by the absence of monetary or insurance data in the stolen records.