Quest Diagnostics Breach

Quest Diagnostics, one of the largest blood testing providers in the country, announced that nearly 12 million of its customers may have had their personal, financial and medical information breached due to an incident at one of its collections vendors.

Whoever hacked the vendor’s systems reportedly had access for 7 months, from August 2018 through March 2019.

Commentary: If it is your company’s data, you are responsible for it regardless of whatever vendor you have sent it to for further processing. A cogent reminder of the dangers of 3rd party and vendor risk, as businesses outsource more of their internal processes to 3rd parties in order to cut costs.

Likely Threat(s): Criminals
Likely Motive(s): Theft, Fraud?
Likely Means: 8.4 Attack 3rd parties/vendors
Opportunities: 3rd party assessment/management

%d bloggers like this: