Quest Diagnostics Breach Exposes Health Data of 34,000 Customers

World AIDS Day Is Marked Around The World
PRETORIA, SOUTH AFRICA - NOVEMBER 4: (SOUTH AFRICA, UAE, BRAZIL OUT) American Ambassador, Donald Gips gets tested for HIV to help raise awareness of the illness in preparation of World AIDS Day on November 4, 2009 in Pretoria, South Africa. World AIDS Day, which will be marked on December 1, 2009, has been celebrated since 1988 worldwide and help to raise awareness of HIV and AIDS and to help educate people on the subject and to remind people that the disease hasn�t gone away. South Africa currently has an estimated 5.7 million people infected with HIV and 1 000 dying every day of AIDS related diseases and although the epidemic seems to have stabilized, South Africa still has more people living with HIV and AIDS than any other country. (Photo by Foto24/Gallo Images/Getty Images)
Foto24—Gallo Images via Getty Images

Quest Diagnostics, a New Jersey-based medical laboratory company, disclosed a data breach affecting about 34,000 people on Monday.

Digital intruders stole personal and medical information of customers—including names, dates of birth, lab results, and, in some cases, telephone numbers—Quest said in a notice posted its website. The thieves did not steal financial information such as Social Security or payment card numbers, the company said.

Attackers gained access to the data on November 26 through an improperly secured mobile app that lets patients share and store electronic health records, according to Quest (DGX). The app was called MyQuest by Care360.

Get Data Sheet, Fortune’s technology newsletter.

“When Quest Diagnostics discovered the intrusion, it immediately addressed the vulnerability,” Quest said in a statement. The company said it is now reviewing and bolstering its security posture with help from an unnamed cybersecurity firm.

Quest said it alerted victims by mail and reported the incident to law enforcement, which helping to investigate the matter. The company did not reveal additional information about the incident, which it described as an “unauthorized third-party intrusion.”

For more on hacking, watch:

In October, Quest teamed up with IBM’s Watson (IBM) on a cancer genome sequencing project.

Kim Gorode, a Quest spokesperson, provided an additional statement to Fortune in an email. “We deeply regret this incident and any inconvenience or concern it may have caused,” she wrote. “If individuals have any questions regarding this incident, please call 888-320-9970, Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time.”

Subscribe to the Eye on AI newsletter to stay abreast of how AI is shaping the future of business. Sign up for free.