Skip to main content
computer code

Lyon Firm Files QRS Data Breach Complaint

Written by The Lyon Firm on . Posted in Data Breach, Lyon Firm In News.

Thank you for considering The Lyon Firm. At this time, we are not accepting plaintiffs related to this specific consumer issue. However, if you would like to be contacted in the future, please complete the contact form. By completing the form you will be contacted if the Firm begins accepting new cases on this matter, and you will also be included in firm news alerts related to important consumer safety and privacy issues to help keep you informed about related issues.

The Lyon Firm has filed a lawsuit against QRS, a healthcare technology company that provides EHR services, on behalf of a Kentucky plaintiffs and a class of data breach victims nationwide.

After an August 2021 cyberattack impacted around 320,000 patients, privacy attorneys took legal action. In the filing, the plaintiff alleges QRS failed to properly safeguard protected health information (PHI) and took two months for QRS to notify impacted individuals.

According to reports, between August 23 and August 26, an unauthorized third party accessed the QRS network, and potentially acquired Social Security numbers, patient identification numbers, portal usernames, names, addresses, birth dates, and medical treatment information.

The Lyon Firm’s QRS data breach plaintiff, Kentucky resident Matthew Tincher, said he received a notice on October 22 that an unauthorized third party had gained access to his Social Security number, birth date, patient number, and portal username.

The lawsuit argues that by entering into a HIPAA business associate agreement with its clients, QRS was responsible for keeping the plaintiff’s information safe from cyberattacks.

The lawsuit lists a number of cybersecurity measures outlined by the Cybersecurity and Infrastructure Security Agency (CISA) and the Microsoft Threat Protection Intelligence Team, claiming that QRS should have implemented these measures to prevent a ransomware attack.

The lawsuit also explained Tincher and other potential class members expended energy and funds to mitigate the risks associated with the breach.