Quest Diagnostics faces class action for alleged idleness during patient privacy breach

Dave Pearson | | Health Exec | Cybersecurity

A Manhattan law firm has filed a class-action lawsuit against Quest Diagnostics for allegedly doing nothing while a protracted breach of patient privacy unfolded under the clinical-lab corporation’s nose.

Newman Ferrara LLP announced in a Nov. 20 news release that it had launched the action several days prior in U.S. District Court.

The suit charges that medical records containing personal and HIPAA-protected information on hundreds of New Yorkers were faxed from the offices of numerous physicians to a marketing firm in Brooklyn—and that New Jersey-based Quest, the intended recipient, failed both to alert affected patients and correct the error even after receiving repeated notifications from a good Samaritan.

On Nov. 17 an I-team reporter from New York’s Channel 4 spoke with an employee of the marketing firm, APS Marketing Group, who said she alerted Quest to the error early and often out of a desire to be helpful.

The employee, Gabby Klotzman, attributed the mixup to an incorrect fax number and said she went to HHS after Quest said it would fix the problem but failed to follow through.

Month after month, even after HHS was alerted, the faxes kept coming, Klotzman told reporter Pei-Sze Cheng.

“I know that if my information were shared like that, I definitely would want someone to let me know,” she added.

In its press release, Newman Ferrara placed responsibility for the evident case of human error squarely on Quest.

“That Quest was on notice of this massive data breach for perhaps a year or more, and yet failed to take any responsible or required action, amounts to an egregious dereliction of duty,” Jeffrey Norton, a partner of the firm, said in prepared remarks. “Through this lawsuit, we intend to make sure something like this does not occur again.”

Quest, which operates throughout the U.S. and in Brazil, Mexico, the U.K. and India, told Channel 4 it is now looking into the matter and has created a new fax number.

To view the Channel 4 report, click here

Dave Pearson
Dave Pearson

Dave P. has worked in journalism, marketing and public relations for more than 30 years, frequently concentrating on hospitals, healthcare technology and Catholic communications. He has also specialized in fundraising communications, ghostwriting for CEOs of local, national and global charities, nonprofits and foundations.

Related Content

Healthcare hacker sentenced to 10 years in prison
Ransomware group deploys ticking clock to threaten Georgia hospital
Hackers were inside an Iowa hospital’s network for two weeks
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
CMS contractor takes $1.2M loss after data breach, DOJ lawsuit

Around the web

Cardiovascular Business
Q&A: MedAxiom CEO explores key trends in cardiologist, cardiovascular surgeon compensation

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”