Tuesday, May 21, 2013

Quest Diagnostics billing department is a social engineering hack

In January, I had a tick embedded under my skin (gross). I went to the doctor, they removed it and sent it off to Quest to be tested.

Fast forward to last week, I get a call from "Invoice Services" which QD farms out to. Apparently Quest used a former address to send my bill to, which is odd because I recently switched insurance late last year and they never had that address... So, where did Quest get this address from?

Anyway, here is the issue, besides being terrible at sending bills.

I get a call from "Invoice Services", which is apparently a company located in India (not a collection agency), to get me to pay, which I already did.

"Invoice Services" wants me to confirm my 1) full name 2) date of birth 3) address.

So an Indian-based company calls me and wants me to verify my information? Please, that is preposterous. This is a textbook social engineering hack used to gain valuable information from people.

Shame on you Quest Diagnostics and your terrible security practices. God knows how you are protecting my ePHI if you are so willing to send information off to India.

