EHR Vendor Faces Legal Action Over Data Breach
A Tennessee-based healthcare technology services company is facing legal action over a cyber-attack that occurred in August 2021.
The class action lawsuit was filed against QRS Healthcare Solutions (QRS, Inc), an electric health record (EHR) vendor and provider of integrated practice management and clinical services, including electronic patient portals.
On August 26 2021, QRS discovered that a cyber-attacker had accessed a QRS dedicated patient portal server on which certain sensitive information was stored.
According to a data security notice published by QRS on its website, the cyber-attack “involved the personal information, including the health information, of some of its clients’ patients.”
The impacted server was taken offline when the attack was discovered, and QRS hired a digital forensics security firm to analyze the incident.
Investigators determined that an unknown attacker had accessed the server from August 23 2021 to August 26 2021, and may have acquired files containing the protected health information (PHI) of almost 320,000 patients.
“The information may have included, depending on the individual, their name, address, date of birth, Social Security number, patient identification number, portal username and/or medical treatment or diagnosis information,” reads QRS’s notice.
In October, on behalf of its clients,