MIAMI (CBSMiami/CNN) — Quest Diagnostics says nearly 12 million patients may have had their personal information exposed in a security breach.

The clinical laboratory company says one of its billing collection firms alerted Quest in May that an unauthorized user gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum360.

The compromised information includes credit card and bank account numbers, medical records and social security numbers but not test results.

According to its website, the company has about 22-hundred locations across the U.S. including 40 locations in Miami-Dade and Broward Counties.

Quest said it has suspended using AMCA and that it was using “forensic experts” to examine the issue.

It also said that AMCA has not provided “detailed or complete information” about the hack, including which customers might have been affected.

Optum360 said its data systems “were not impacted” and said that security is “critically important to us, and we are actively working with Quest and AMCA to understand this issue and ensure appropriate actions are being taken.”

AMCA also released a statement saying it’s investigating the incident and remains “committed to our system’s security, data privacy, and the protection of personal information.”

“We are committed to keeping our patients, health care providers, and all relevant parties informed as we learn more,” Quest said in the release.

(©2019 CBS Broadcasting Inc. All Rights Reserved. Cable News Network, Inc., a Time Warner Company, contributed to this report.)