Wave Systems Corp. (fka WAVXQ)

[Genz2]

Quest Diagnostics says 11.9 million patients affected by data breach

https://techcrunch.com/2019/06/03/quest-diagnostics-breach/

Medical testing giant Quest Diagnostics has confirmed a third-party billing company has been hit by a data breach affecting 11.9 million patients.

The laboratory testing company revealed the data breach in a filing on Monday with the Securities and Exchange Commission.

According to the filing, the breach was a result of malicious activity on the payment pages of the American Medical Collection Agency, a third-party collections vendor for Quest. The “unauthorized user” siphoned off credit card numbers, medical information and personal data from the site.

Laboratory test results were not among in the stolen data, Quest said.

The breach dated back to August 1, 2018 until May 31, 2019, said Quest, but noted that it has “not been able to verify the accuracy of the information” from the AMCA.

Quest said it has since stopped sending collection requests to the vendor while it investigates and has hired outside security experts to understand the damage.

AMCA spokesperson Jennifer Kain said in a statement, supplied through crisis communications firm Brunswick Group, that it was “investigating” the breach.

“Upon receiving information from a security compliance firm that works with credit card companies of a possible security compromise, we conducted an internal review, and then took down our web payments page,” said the spokesperson.

The company also said it informed law enforcement of the breach.

Several other companies have been hit in recent months by attacks on their websites. Highly targeted credit card skimming attacks hit Ticketmaster, British Airways, and consumer electronics giant Newegg in the past year, affecting millions of customers. The so-called Magecart group of hackers would break into vulnerable websites and install the malicious code to skim and send data back to the hacker-controlled servers.

It’s the second breach affecting Quest customers in three years. In 2016, the company said 34,000 patients had data stolen by hackers.

Updated with a statement from the AMCA.
==================================================================
Only known devices allowed on sensitive networks! Here is another breach where the user was 'unauthorized'. By using Wave VSC 2.0 and Wave ERAS, an unauthorized or unknown and unapproved device would not make it onto this network to obtain the millions of patients' data!!! The amount of money that could be saved by not having a breach (use Wave solutions) and stress averted far outweighs the cost of implementing Wave ERAS and Wave VSC 2.0 along with Wave's other solutions.
=================================================================
https://www.wavesys.com/products/wave-virtual-smart-card

https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.

==================================================================
https://www.wavesys.com/contact-information