Quest Diagnostics, the world's largest blood-testing company, says nearly 12 million patients may have had their financial, personal and medical information compromised.

The company says the breach happened between Aug. 1, 2018 and March 30, 2019. It says someone gained unauthorized access to the systems to AMCA, or American Medical Collection Agency, its billing collections vendor.

Quest says it doesn't have complete information about how the leak happened yet, but it says in a statement that it "takes this matter very seriously and is committed to the privacy and security of patients' personal, medical and financial information."

Adam Schwam, president of computer services company Sandwire, says the leak may have happened when a cybercriminal used an online scam technique known as phishing. He says it could have come in the form of an email that compromised a computer when someone clicked on it.

Schwam says the Quest incident highlights the importance of frequently changing passwords on your accounts.

Patricia Browne-Coleman, of Syosset, says she's used Quest labs within the past year. She says she'll be carefully checking her financial records for suspicious activity.