It seems a lot of the posters here really didn't read the article, and/or have no idea just exactly what got hacked.
Disclosure: I work with their major competitor. We have an online app almost exactly like Quest's, as do many of our competitors. Most of these online apps have about the same functionality, more or less, and work very similarly.
Care360 is Quest's online results delivery online app. The app itself belongs to Quest, and is run on hardware they own/lease. Provider offices ask for access to this app to receive their patient results. Typically this access is very restricted and narrow. The provider office only see the results they need to see. Some offices only see a couple new results a day (if any), other offices may see hundreds, even thousands of new results a day. An optional piece of software is an autoprint utility, which allows the office to get results automatically printed to some office printer, or even as PDF files on a receiving computer. Even another option is to have the results automatically received into the office management system with an electronic data interface.
Another part of these systems allows the client to make a test requisition that can either be given to the patient, put into a system that the blood draw centers can receive, or go along with the specimens the office draws themselves. This is what I think got hacked. This requisition making system has all the patient demographics needed to process and bill the patient's lab work, including their address info, responsible party info, and insurance subscriber info including any needed billing info. It is everything the lab needs to know to bill, and in most cases also includes diagnosis codes. It is quite a lot of info for each patient, and has to be current for a successful billing.