After the cyberattack at Quest Diagnostics in November 2016 that caused the unauthorized access and theft of the personal data and medical test findings of 34,000 people, the breach victims filed a class-action lawsuit. Quest Diagnostics offered to resolve the lawsuit with a $195,000 settlement, which was lately okayed by a U.S district court judge in New Jersey.
The hacker was able to get the following types of information: names, telephone numbers, birth dates, and medical test results, which include HIV test results.
The lawsuit had the following allegations:
- Quest Diagnostics had violated New Jersey regulations and had neglected to protect the sensitive health data of its clients
- Quest Diagnostics had broken its contract with clients
- The company was unable to give prompt patient notifications regarding the hacking incident and data theft
Quest Diagnostics states that the claims are without merit, however, it made a decision to settle the lawsuit to stay clear of continuous litigation and more legal charges. According to the conditions of the settlement, all people who could prove they have sustained monetary losses directly because of the breach are going to be eligible to claim $250. The payment is supposed to recompense people for needing to do something to protect their accounts and spend on credit monitoring and identity theft protection services.
Any person who had their HIV test results stolen are going to be eligible to claim $75, on top of the $250 in case they have sustained monetary losses as well.
Quest Diagnostics was likewise made a co-defendant in a number of lawsuits that victims of the American Medical Collection Agency (AMCA) data breach filed earlier this year. The attack on the AMCA payment portal allowed the criminal to steal the protected health information (PHI) of over 26 million people. 11,500,000 of the affected people obtained medical testing at Quest Diagnostics and AMCA had accessed their PHI for collection processing.