A hacker has been able to breach the cyber defenses of Quest Diagnostics Inc and has been able to access a whole treasure trove of patient data, including their credit card numbers, bank account details, medical data and social security numbers.

In yet another case of a cyber attack, Quest Diagnostics Inc disclosed it has been notified by a billing collections vendor that an unauthorized user had gained access to data on nearly 11.9 million patients, including their credit card numbers and bank account details.

So far, Quest Diagnostics has been unable to get all relevant information on the hacking incident from American Medical Collection Agency (AMCA) nor has it been able to verify the accuracy of the information received from AMCA, said the company in a statement.

According to Quest’s regulatory filing, Optum360 LLC, a unit of UnitedHealth Group Inc, has also been notified of the breach.

Optum360 provides customer billing services to Quest Diagnostics.

According to AMCA, the unauthorized user had access to its data between Aug. 1, 2018 and March 30, 2019. The accessed data contained information that AMCA had received from various entities, including Quest Diagnostics, and information that AMCA collected itself.

The data also included medical data and other personal details such as social security numbers, said AMCA.

The data however did not contain information on patient laboratory test results, said Quest Diagnostics.

Quest Diagnostics stated it has suspended AMCA collection requests.

Quests is now working with AMCA and Optum360, as well as outside security experts to investigate the incident and its potential impact on its patients.