In June, Quest Diagnostics, one of the largest blood testing companies in the United States, announced a massive data breach, compromising up to 11.9 million patients’ sensitive data including social security numbers, medical history, and financial information. This is not the first breach for the company, which disclosed another incident in 2016 that left over 30,000 patients’ personal and medical information exposed to hackers.
While the most recent breach was the result of an insecure system provided by third-party American Medical Collection Agency, a Quest customer is still seeking more than $5M in damages as a result of the incident. Outside of this lawsuit, the breach could also have long-term consequences for the company. Research we conducted to examine how data breaches impact US consumer trust and future purchasing decisions found that 62 percent of respondents said they would stop spending with a brand for at least a few months following a breach, and 21 percent claim they’ll avoid the brand forever. Additionally, failing to comply with data privacy regulations can result in huge fines – a recent study by the Ponemon Institute and Globalscape estimated the cost to companies of non-compliance at an average of over $14 million.
The breach of Quest Diagnostics is one of the latest examples that underscores the importance of ensuring that not only your own company is compliant with regulations and protected from security threats, but also third parties that have access to your customers’ sensitive data.
Make sure your customer data is truly secure and your company is protected by checking that all organisations that have access are PCI compliant. Leveraging PCI Pal’s solutions can help make certain your customers’ sensitive information is protected by descoping your contact centre so that customer information never reaches your environment and isn’t accessible to hackers.