Quest Diagnostics said 11.9 million of its patients may have been exposed in a data breach of computer systems at the American Medical Collection Agency, a billings collection firm the medical lab works with.
An unauthorized user had access to the AMCA's web payments system, which contained personal information such as financial data, Social Security numbers and medical data, Quest said Monday in a release.
The company said lab test results weren't affected by the breach.
The AMCA first notified Quest of potential unauthorized activity on May 14, according to the release.
Quest said it's still waiting on complete information from the AMCA and that it hasn't been able to verify the accuracy of the info it's received.
In a statement Monday, the AMCA said it notified law enforcement of the incident and hired an external forensics firm to help investigate the breach.