Quest Diagnostics Breach - Managing 3rd Party Risk

Breach Report

Miami, Florida
June 5, 2019

The age of cloud computing is here, and organizations must adopt cloud security posture management tools to combat the new vulnerabilities. In a filing with the Securities and Exchange Commission (SEC), Quest Diagnostics Inc (NYSE: DGX) disclosed that the personal information of 11.9 million customers has potentially been breached. The cause of the breach has been attributed to an unauthorized user gaining access to an American Medical Collection Agency (AMCA) system. AMCA is a third-party billing vendor hired by Optum 360, another Quest contractor.


Quest Diagnostics, one of the largest blood testing providers in the U.S., stated: “The information on AMCA’s affected system included financial information (e.g., credit card numbers and bank account information), medical information and other personal information (e.g., Social Security Numbers).”


Quest Diagnostics is not the only firm to struggle with third-party risk management. According to a Ponemon study, 61% of U.S. respondents said they have experienced a data breach caused by one of their vendors and third parties. Continued adoption of public cloud infrastructure has created new challenges and risks for security teams. Organizations must now not only be cognizant of their own security and compliance posture but also that of their vendors and contractors.


The days of yearly security and compliance audits are over. Aside from the headache resulting from legacy manual auditing processes, one-time audits only provide a snapshot of an organization’s risk posture at a single point in time. Furthermore, the speed of modern development cycles often causes an organization’s risk posture to change drastically in as little as 24 hours. Enterprises want continuous and on-demand assurance that third parties are properly handling their customers' sensitive data. Although an enterprise may not be directly liable for third-party data breaches, it will certainly experience negative repercussions, such as reputation damage and customer churn, which are often more costly.


In order to prevent data breaches akin to that of Quest Diagnostics and to minimize potential liabilities, security teams must ensure potential business partners and contractors enforce security best practices prior to sharing data. Once data sharing has begun, security teams must then continuously assess third-party cloud security and compliance postures. The criticality of these practices will only continue to increase as data sharing networks grow and become more complex.


SECBERUS simplifies this process, allowing organizations to employ a multi-tenancy approach to security and compliance. SECBERUS consolidates organizations’ and third-party multi-cloud public infrastructure data within a single dashboard to provide users with a holistic view of all relevant cloud accounts, assets, and workloads.


About SECBERUS

Founded in Miami in 2017, SECBERUS is a real-time cloud security posture management platform that enables DevSecOps engineers to audit and enforce their security configuration across multiple Public Cloud platforms (AWS / Azure / GCP). Companies can deploy the SECBERUS solution in minutes and obtain end-to-end asset visibility, compliance reporting, and the ability to enforce security policies in real-time. The SECBERUS solution delivers cyber-risk intelligence on cloud asset relationships, removing security configuration complexity in the public cloud.
