New York (CNN Business) Quest Diagnostics said the personal information of 11.9 million customers has potentially been compromised.

The clinical laboratory company said in a release that an "unauthorized user" gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum360.

Quest said the information that may have been exposed included Social Security numbers and medical information, but not test results.

AMCA first notified Quest on May 14 of "potential unauthorized activity" on its payment page, Quest said. Two weeks later, according to Quest, AMCA then told Quest and Optum360 more about the breach, including the number of patients potentially affected and what information was accessed.

Quest DGX said it has suspended using AMCA and that it was using "forensic experts" to examine the issue.

Read More