EHR Vendor Faces Legal Action Over Data Breach

A Tennessee-primarily based healthcare technology providers firm is facing legal action more than a cyber-attack that occurred in August 2021.

The course motion lawsuit was filed against QRS Health care Options (QRS, Inc), an electric wellness history (EHR) vendor and supplier of built-in apply management and clinical solutions, which includes digital patient portals.

On August 26 2021, QRS found out that a cyber-attacker had accessed a QRS dedicated client portal server on which selected sensitive details was stored.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

In accordance to a information security notice published by QRS on its web-site, the cyber-attack “involved the private information, including the wellness information, of some of its clients’ patients.”

The impacted server was taken offline when the attack was learned, and QRS hired a electronic forensics security company to analyze the incident. 

Investigators identified that an unidentified attacker had accessed the server from August 23 2021 to August 26 2021, and might have acquired information containing the guarded overall health info (PHI) of pretty much 320,000 people.

“The information and facts may well have included, depending on the unique, their identify, handle, day of start, Social Security number, client identification amount, portal username and/or health care remedy or prognosis info,” reads QRS’s observe.

In Oct, on behalf of its shoppers, QRS started sending composed notifications to people today whose individual data was accessed in the incident. The healthcare technology solutions corporation also presented complimentary identification theft safety services to folks whose Social Security numbers may well have been compromised.

Next the details breach, Kentucky resident Matthew Tincher has submitted a class action complaint in the US District Courtroom for the Eastern District of Tennessee from QRS. Tincher, who lives in Frankfurt, alleges that QRS failed to consider fair action to safe, observe and maintain the personally identifiable data (PII) and PHI stored on its affected individual portal.

The accommodate alleges that the details was stored by QRS in an unencrypted sort. It also criticizes QRS for waiting two months right before sending out data breach notifications to impacted folks.