How Blockchain Technology Could Have Helped Avoid Quest Diagnostics’ Data Breach
Quest Diagnostics was recently a victim of a massive security breach that exposed their clients’ payment data. Could blockchain have prevented this incident?
The data breach at Quest Diagnostics exposed confidential information of their 12 million clients. The incident took place on May 14 after American Medical Collection (AMCA) informed the diagnostic testing company of unauthorized activity on a web payment page.
AMCA is a centralized service that bills clients on behalf of Quest Diagnostics. Apparently, Quest Diagnostics does not have sufficient exposure to blockchain technology.
As expected, the breach drew many reactions. The first company to respond was Civic, a blockchain-driven ID startup. Civic claimed that their decentralized platform could have prevented such an attack. In a tweet, Civic stated that they are focused on providing digital identities that are entirely controlled by the user, meaning that such data breaches are impossible.
Why Quest Diagnostics Needs Blockchain Technology
Mobile payments have their advantages, but their main shortcoming is that they expose users’ data to potential cyber-attacks. Apparently, this isn’t the first time that Quest Diagnostics has suffered such an attack.
Three years ago, the company was breached, and the hackers stole personal info belonging to 30,000 clients. If they had invested in blockchain back then, this hacking would not have recurred.
The decentralized nature of the blockchain eliminates the need for intermediaries. Instead, users share data directly with the intended recipient using the peer-to-peer connections. Besides, blockchain has other advantages, such as transparency and immutability, which further reduce the possibility of a security breach.
In a recent interview with Forbes, Melanie Plaza, a co-founder of Elixir, said that the implementation of blockchain technology prevents information holders from modifying users' financial data. It also eliminates the need to place trust in an unknown entity to secure their private data.
What Went Wrong?
According to reports, too many parties had access to the patients’ data. It appears that AMCA was responsible, but the billing company also works with Quest’s contractor, Optum360. Both Quest and Optum360 have hired forensic investigators to see what caused the security breach.
The hackers gained access to patients' financial data, social security numbers, and medical information, except for lab results. So far, AMCA is yet to identify the specific individuals whose data was stolen.
In a statement, Quest declared that they are yet to verify the credibility of the information given by AMCA. The company added that they are seriously concerned with the matter, reiterating that they value the privacy and security of their patient’s private data. The statement concluded by revealing that all transactions with AMCA have been suspended indefinitely.
Had Quest Diagnostics invested in blockchain technology, they wouldn't have needed AMCA. Quest joins an extensive list of big companies to have suffered from security breaches. In the past, British Airways, Newegg and Ticketmaster have been victims of cyber-attacks, which resulted in the loss of users' financial information.
Civic Secure ID Platform
Quest Diagnostics should consider implementing the Civic secure ID solution to prevent such attacks in the future. As mentioned earlier, Civic gives users control over their data, meaning that they choose who has access to their information.
The solution uses a combination of biometric identification features and advanced encryption to secure the data. The integration of blockchain technology ensures that the profile is shareable directly through peer-to-peer connections.