by Joseph Young
Quest Diagnostics, a public clinical laboratory service provider with a revenue of $7.5 billion in 2015, lost 34,000 sets of valuable client information in a major hacking attack, and announced an investigation into the attack on December 12. Quest Diagnostics admitted that the names, dates of birth, lab results and telephone numbers of its clients were stolen during the data security incident.
According to the Quest Diagnostics IT and development teams, an undisclosed group of hackers gained access to the company’s internal system called MyQuest by Care360 and stole Protected Health Information (PHI) from its central database. More details of the hacking attack have not been disclosed, and the company’s contracted cybersecurity firm has yet to determine the methods used to infiltrate the company's database.
“When Quest Diagnostics discovered the intrusion, it immediately addressed the vulnerability. Quest is taking steps to prevent similar incidents from happening in the future, and is working with a leading cybersecurity firm to assist in investigating and further evaluating the company's systems,” said the Quest Diagnostics team.
One of the most concerning aspects of this hack and data theft is that the Care360 online application is currently used by many hospitals and healthcare corporations across the US. Since its launch in 2010, it has attracted doctors and medicare institutions with its flexibility and functionality.
"One factor that influenced our doctors to choose Care360 EHR is that Quest Diagnostics was behind it," said Dr. Paulo Andre in 2010. "It's available online from anywhere. I use it in three different hospitals when I'm on call. Each time I need to get a piece of information regarding one of my patients, I just enter the name of the patient to get the information I need. I can check prior lab results, MRIs, my notes, or my colleagues' notes, and make a clinical decision very fast. It's a very easy interface."
However, since 2010, the company has not carried out any updates or overhaul of its internal systems and databases. Its structure remains unchanged, and despite the fact that leading doctors, surgeons, physicians and hospitals around the US rely on this platform to embed sensitive patient data, the online platform is not encrypted.
While Quest Diagnostics claims that it will address the vulnerability, the vulnerability or weakness in the platform hasn’t even been disclosed by the company or the cybersecurity firm it is collaborating with.
To avoid the disastrous theft of data within the healthcare industry, various multi-billion dollar firms, including Capital One, are partnering with blockchain startups to secure healthcare records and important patient data on the immutable ledger of a blockchain network.
“We’re seeing an unprecedented transformation in the payments space as rapid advances in digital technology are reimagining the client experience. We see the new network models and data analytics capabilities as an opportunity to reinvent treasury management to better meet the needs of clients, not only increasing payment efficiency but also generating actionable information about their business,” said Capital One executive vice president Patrick Moore.
Moreover, major research and professional services firms including Deloitte have released various papers and research on blockchain technology’s potential in the healthcare industry. RJ Krawiec, Deloitte Consulting LLP principal and the leader of Federal Innovation and Translational Medicine at the company, stated that current technologies are incapable of staying on par with the roadmap presented by the Office of the National Coordinator for Health Information Technology, as they cannot offer secure network infrastructure and transparency of data.
MIT has been working on such a project, known as MedRec, which ensures the privacy of individuals while using aggregate data to conduct medical research. Also, like the joint project between Capital One and blockchain startup Gem OS, which utilizes blockchain to secure health records, major laboratory service providers and healthcare software developers like Quest Diagnostics must look into emerging technologies to ensure client data is secured in a safe ecosystem.