A cyberattack on QRS, healthcare technology services vendor, may have led to a large-scale data theft of protected health information, impacting over 319,000 patients. QRS hosts the electronic patient portal for various healthcare provider clients and provides related services, making the company responsible for data security measures.
QRS discovered the data breach in August 2021 when a threat actor gained access to a patient portal server and may have stolen some patient data. The QRS systems review determined the hacker accessed server between Aug. 23 and Aug. 26. During the hack, the actor accessed and possibly acquired files linked to QRS clients, which may have included the following personal data:
- Contact details
- Dates of birth
- Social Security numbers
- Patient identification numbers
- Portal usernames
- Treatments and diagnoses
The Lyon Firm is investigating the QRS data breach and is actively involved in numerous data privacy cases and has experience filing data security claims on behalf of plaintiffs nationwide.