A Tennessee-primarily based healthcare technology providers firm is facing legal action more than a cyber-attack that occurred in August 2021.
The course motion lawsuit was filed against QRS Health care Options (QRS, Inc), an electric wellness history (EHR) vendor and supplier of built-in apply management and clinical solutions, which includes digital patient portals.
On August 26 2021, QRS found out that a cyber-attacker had accessed a QRS dedicated client portal server on which selected sensitive details was stored.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
In accordance to a information security notice published by QRS on its web-site, the cyber-attack “involved the private information, including the wellness information, of some of its clients’ patients.”
The impacted server was taken offline when the attack was learned, and QRS hired a electronic forensics security company to analyze the incident.
Investigators identified that an unidentified attacker had accessed the server from August 23 2021 to August 26 2021, and might have acquired information containing the guarded overall health info (PHI) of pretty much 320,000 people.
“The information and facts may well have included, depending on the unique, their identify, handle, day of start, Social Security number, client identification amount, portal username and/or health care remedy or prognosis info,” reads QRS’s observe.
In Oct, on behalf of its shoppers, QRS started sending composed notifications to people today whose individual data was accessed in the incident. The healthcare technology solutions corporation also presented complimentary identification theft safety services to folks whose Social Security numbers may well have been compromised.
Next the details breach, Kentucky resident Matthew Tincher has submitted a class action complaint in the US District Courtroom for the Eastern District of Tennessee from QRS. Tincher, who lives in Frankfurt, alleges that QRS failed to consider fair action to safe, observe and maintain the personally identifiable data (PII) and PHI stored on its affected individual portal.
The accommodate alleges that the details was stored by QRS in an unencrypted sort. It also criticizes QRS for waiting two months right before sending out data breach notifications to impacted folks.
Some areas of this posting are sourced from:
www.infosecurity-magazine.com