Quest said it's taking the matter "very seriously" and has suspended collections requests to AMCA.
Quest will be working with Optum360 to ensure that Quest patients are appropriately notified of the possible breach.
Quest Diagnostics Inc said on Monday it was notified by a billing collections vendor that an unauthorized user gained access to information on almost 11.9 million patients, including credit card numbers and bank account information. Quest says they are working closely with Optum260 to notify those patients.
According to the company, someone had unauthorized access to their systems between last August and this past March.
American Medical Collection Agency, a billing collections service provider, said an "unauthorized user" accessed the agency's system that contained personal information from various entities, including Quest patients, the clinic said in a statement Monday.
Quest noted that "AMCA has not yet provided Quest or Optum360 detailed or complete information about the AMCA data security incident, including which information of which individuals may have been affected".
Laboratory test results were not affected, Quest said.
AMCA did not immediately respond to a request for comment.
There are ten Quest Diagnostics in the Mahoning and Shenango Valley.
Hayes said Quest is just one one of many healthcare companies to have been targeted in recent attacks, including Anthem (80 million impacted), Premera (11 million impacted) and TRICARE (4.9 million impacted).
Quest serves half the hospitals and physicians in the USA, and one in three adult healthcare customers, according to its website.