11. January 2022

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

QRS, a healthcare technology firm, that offers EHR services, is now facing a class-action lawsuit over a data breach that reportedly exposed the health and private details of 319,778 current and former patients last summer. 

The lawsuit was filed by plaintiff, Kentucky resident Matthew Tincher in the U.S. Eastern District Court of Tennessee on Jan. 3, who was one of the victims of a data breach. In a complaint, he alleged that the data exfiltration could have been mitigated if QRS had adequately guarded the patient’s health information in its possession. Additionally, the firm took two months to notify affected individuals of the data exposure.

Last year in November, QRS reported that an unauthorized third party accessed one QRS dedicated patient portal server for three days in August, and potentially secured critical data, including Social Security numbers, patient identification numbers, portal usernames, names, addresses, birth dates, and medical treatment information. The lawsuit shows the client was Lexington Heart Specialists in Kentucky. 

According to the Health Insurance Portability and Accountability Act breach notification on the EHR vendor’s website, QRS instantly took th

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: