SECAUCUS, N.J. (CBSNewYork) — If you’ve ever been a patient at Quest Diagnostics medical labs, your personal information may have been leaked.

Millions of patients’ personal files could now be in the hands of hackers, CBS2’s Natalie Duddridge reported Monday.

Patients walking into Quest Diagnostics, one of the biggest blood-testing providers in the country, were worried Monday that they may be some of the nearly 12 million customers whose personal data was breached.

“It’s outrageous. So far, knock on wood, I haven’t personally been affected that I know of,” Delbert Thompson said.

Quest says a contract company called the American Medical Collection Agency — or AMCA — alerted it in May that an unauthorized user got into its system and accessed all kinds of private information, like credit card and bank account numbers, medical records, and even Social Security numbers.

“There’s a lot that people can do with stolen Social Security information. Most of the time it’s sold online on the dark web or on criminal forums. What people can do with that is they can use that to set up a credit card in your name,” said CNET reporter Alfred Ng.

FLASHBACK: Quest Diagnostics Says 34,000 Customer Accounts Hacked

CBS2 reached out to Quest, which said it has stopped using AMCA for now and is alerting patients, some who have experienced similar leaks before.

“I actually locked all my credit cards years ago, the first time I had a breach, which is an inconvenience and a pain, but I did it,” Upper West Side resident Paul Banks said.

Security experts say the first thing you should do is reach out to Quest Diagnostics to find out if you were one of the millions of people affected. If so, there are some steps you should take immediately.

“People should definitely be concerned any time their Social Security information is exposed,” Ng said. “Freeze your credit report, so that people can’t open up a new credit card in your name or anything like that.”

Quest said it has taken down its web payments page online to prevent any further leaks, and hired an outside forensics team to dig deeper into how the intrusion happened.

Quest said that lab test results were not exposed in the breach, but wouldn’t specify what kind of medical information was leaked.