HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Quest Diagnostics $195,000 Class Action Settlement Approved by Federal Judge

Following a November 2016 cyberattack at Quest Diagnostics that resulted in an unauthorized individual accessing and stealing the personal information and medical test results of 34,000 individuals, a class action lawsuit was filed by the breach victims. Quest Diagnostics proposed a $195,000 settlement to resolve the case. The settlement has recently been approved by a New Jersey district court judge.

The types of information obtained by the hacker included names, phone numbers, dates of birth, and the results of medical tests, including HIV test results.

The lawsuit alleged Quest Diagnostics had violated New Jersey laws and had been negligent for failing to safeguard the sensitive health information of its clients, Quest Diagnostics had breached its contract with clients, and that the company failed to provide timely notifications to patients informing them about the hacking incident and theft of their data.

Quest Diagnostics maintains the claims are meritless, but the decision was taken to settle the lawsuit to avoid ongoing litigation and further legal costs. Under the terms of the settlement, all individuals who can demonstrate they have suffered monetary losses as a direct result of the breach will be entitled to claim $250. The payment is intended to compensate individuals for having to take action to secure their accounts and pay for credit monitoring and identity theft protection services.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Any individual whose HIV test results were included in the stolen data will be entitled to claim $75, in addition in the $250 if they have also suffered monetary losses.

Quest Diagnostics has also been named as a co-defendant in several lawsuits filed by victims of the data breach at American Medical Collection Agency (AMCA) earlier this year. The hacking of the AMCA payment portal enabled the attacker to steal the protected health information of more than 26 million individuals, 11,500,000 of whom had received medical tests at Quest Diagnostics and their PHI had been passed to AMCA for collection.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.