It's amazing how inured we are to data breaches. Somebody hacks a big company's website, and they download millions of usernames or passwords or whatever, and we're at the point where we all just shrug.
Seriously. There's this story and this one and this one and this one and this one and this one and this one and this one and this one and this one and this one, and before long you can't even pay attention to any of it.
But I have a gut feeling that the latest data breach -- in which Quest Diagnostics had to tell the Securities and Exchange Commission that as many as 11.9 million Quest Diagnostics patients may have had their medical and personal information hacked -- might stand out.
In a filing Monday, Quest Diagnostics said it learned in mid-May that a collection agency it uses, American Medical Collection Agency (AMCA), apparently had some kind of data breach that lasted from the start of August 2018 through the end of March this year.
As a result, these nearly 12 million Quest Diagnostics patients may have had their "financial information (e.g., credit card numbers and bank account information), medical information, and other personal information (e.g., Social Security Numbers)" accessed.
It's bad enough to have your passwords hacked; and even more disconcerting to learn that somebody has gotten hold of and sold your credit card number or even your identity. There are some terrible situations, and we've all heard the horror stories.
But health information feels like a different category. It's just so personal.
"Sometimes they're compromising this data, and we don't know how it's being used, when, or if it will be used to compromise those individuals' identities," Gary Cantrell, head of investigations at the Department of Health and Human Services' office of inspector general, told CBS News earlier this year.
Granted, this isn't even the biggest breach of personal medical information. That dubious award might go to Anthem Insurance, which reportedly had to pay a $115 million settlement after a 2015 data breach that exposed the records of 79 million people.
(Although, at $1.46 per patient, this doesn't exactly seem onerous.)
But Quest Diagnosis has the added distinction of having had its patients' data reportedly breached after handing it over to a collection agency. I don't think there's a single word in that sentence that will likely inspire much sympathy.