EHR provider hit with lawsuit following information breach

An electronic well being chronicle provider became sued this previous week after a cyberattack resulted in the publicity of the records of 319,778 other folks.  

In October, the Tennessee-based completely QRS, which presents EHR and follow-administration instrument, started notifying other folks of the incident.

“QRS did now not reasonably accurate, show screen, and effect the accurate well being information and in my opinion known information kept on its patient portal,” stated plaintiff Matthew Tincher within the class action complaint filed in U.S. district court this previous Monday.  

“As a consequence, plaintiff and roughly 319,000 recent and weak sufferers of healthcare providers that utilized QRS’ companies and products suffered recent damage and damages within the build of identification theft, lack of imprint of their Soft Files, out-of-pocket costs and the worth of their time reasonably incurred to resolve or mitigate the effects of the unauthorized bag admission to, exfiltration, and subsequent felony misuse of their sensitive and extremely personal information,” constant with the document.

Calls to QRS for comment had been now not returned by press time.  


As outlined within the complaint, QRS chanced on on August 26, 2021 that an unauthorized actor had accessed a patient portal server – and, by extension, the non-public information kept on that server – initiating three days prior.

“Between August 23 and August 26, 2021, the attacker accessed, and sure received, information on the server containing sensitive information, including names, addresses, dates of initiating, Social Security numbers, patient identification numbers, well being portal usernames, and clinical treatment or evaluation information,” be taught the complaint.  

Tincher believes that his information and that of sophistication members became for this reason reality sold on the dark net, given known practices of different cyber criminals.  

“Social Security numbers … are amongst the worst extra or much less PII to possess stolen because of they are frequently put apart to a vary of false uses and are refined for an particular particular person to interchange,” stated the complaint.  

Quickly after the records breach, Tincher says he experienced identification theft, including extra than ten unauthorized costs on his bank yarn and credit card.  

He accused QRS of failing to adequately put into effect measures urged by threat intelligence specialists and federal agencies to prevent and detect cyberattacks.   

Tincher is calling for damages and a prohibition on QRS asserting his information and that of the opposite class members on a cloud-based completely database, amongst other requested judgments.  

“Since the records breach, plaintiff is at a recent threat and must proceed to be at increased threat of identification theft and fraud for years to come,” be taught the complaint.  


QRS is now not on my own. Various healthcare organizations and mates possess faced elegant action following cyberattacks. 

This previous One year Scripps Health became hit with a handful of complaints after a ransomware attack took down its network for weeks.

The prospective penalties of ransomware lengthen beyond information publicity, however. A lawsuit filed in October 2021 alleges that such an incident resulted in the dying of an toddler, which could presumably perchance perchance build it the key fatality of its kind within the US.


“Plaintiff brings this action on behalf of himself and class members for the reduction requested above and for the overall public income in yelp to advertise the overall public interests within the provision of honest, elegant information to enable buyers to construct suggested shopping choices and to present protection to plaintiff, class members and the overall public from QRS’ unfair, untrue and unlawful practices,” constant with the complaint.

“QRS’ wrongful conduct as alleged on this complaint has had frequent affect on the overall public at spruce,” it endured.

Kat Jercich is senior editor of Healthcare IT Files.

Twitter: @kjercich

Electronic mail: [email protected]

Healthcare IT Files is a HIMSS Media publication.

Learn Extra

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *