Faxing Error and Data Breach

November 24th, 2015 by admin Leave a reply »

Quest Diagnostics suffered data breach due to improper fax number input. The incident resulted into class-action lawsuit following a fax-related healthcare data breach.

According to the reports, several hundreds of health files were allegedly sent to a New York-based marketing firm rather than to Quest for approximately one year. Human error caused the breach in which individuals from several providers incorrectly provided Quest’s fax number, thus inadvertently sending the medical files to the marketing firm APS Marketing Group.

This healthcare data breach came to light when a representative from APS Marketing Group, Gabby Klotzman, reported it to the I-Team at NBC News. Affected information included patient names, phone numbers, dates of birth, and in some cases, Social Security numbers.

Klotzman reportedly contacted Quest Diagnostics immediately, to which the healthcare company explained it would remedy the issue and contact potentially affected individuals.

However, the faxes allegedly continued to come, prompting Klotzman to contact the Department of Health and Human Services (HHS), but to no avail.

After several months of receiving these medical files via fax, Klotzman contacted NBC’s I-Team, who contacted a handful of the individuals whose medical records had been compromised.

Upon those follow-ups, Quest explained that it did not know the magnitude of the health data breach. According to Quest, it has added a revised fax number to account for any practices who may have input the original number incorrectly.

Newman Ferrara LLP announced a class-action lawsuit against Quest due to its reportedly inadequate handling of the situation.

“That Quest was on notice of this massive data breach for perhaps a year or more, and yet failed to take any responsible or required action, amounts to an egregious dereliction of duty,” stated firm partner Jeffrey Norton in the press release. “Through this lawsuit, we intend to make sure something like this does not occur again.”

The plaintiffs allege that Quest did not take adequate action to prevent the health data breach.

“Although Quest was alerted early on to the breach, the company did nothing to prevent the continued transmissions, failed to alert medical providers and patients, and failed to report the breach to authorities. As a result, the personal and sensitive medical information of hundreds of patients was disclosed to unauthorized third-parties, putting their security and privacy at great risk,” the press release explains.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Leave a Reply