Over 2100 Total Lots Up For Auction at Five Locations - NJ 04/25, MA 04/30, NJ Cleansweep 05/02, TX 05/06, NJ 05/08

Spanish Spanish

EHR vendor QRS sued over breach to patient portal server

by John R. Fischer, Senior Reporter | January 14, 2022
Cyber Security Health IT
Share

It is requesting that QRS be forced to implement and maintain an information security system to protect the confidentiality and integrity of the plaintiff’s and others’ information. It also wants QRS to use independent third-party security auditors, penetration testers and internal security personnel to conduct simulated attacks, penetration tests and audits of its systems periodically, and for QRS to “promptly correct” any problems or issues detected by third-party security auditors. Additionally, it asks that the court prevent the company from maintaining the PII and PHI information on a cloud-based database.

In the past year and a half, 82% of healthcare providers have experienced some form of an IoT cyberattack, according to a report by data security firm Medigate and cloud-based protection provider CrowdStrike. Of these, 34% were hit with ransomware and of this group, 33% paid the ransom, but only 69% reported a full restoration of their data.

The findings indicate that healthcare delivery organizations are in need of more basic defense, including cyber insurance considerations, firewalling, and NAC enforcement products.

Scripps Health was hit with a malware attack in late April that led it to shut down its patient portals and email servers for most of the month. The attack led to a lawsuit that claimed the attack potentially created "a lifetime risk of identity theft” for nearly 150,000 patients.

A combination of mid-year revenue lost, and incremental expenses incurred from its response to the attack ended up costing the company almost $113 million.

For this current case, regulatory attorney Paul Hales of the Hales Law Group told GovInfoSecurity that the plaintiff must allege that they endured harm due to the breach. "The sole plaintiff in this case claims to have suffered specific examples of actual identity theft resulting from the QRS data breach. We have yet to hear from other potential class members."

QRS and Tincher’s attorney did not respond to Gov Info Security’s requests for comment.

Back to HCB News
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal
Teleradiology company and CEO admit to unlawful billing, will pay $3.1 million
How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
IONIC Health, GE HealthCare announce 510(k)-clearance of nCommand Lite System for multi-vendor, remote imaging
Field service technicians: Unsung heroes in maintaining efficiency and reducing headaches in hospital networks
HHS opens probe into role Change Healthcare may have played in cyberattack
Philips and AWS unveil pathology cloud data storing initiative at HIMSS
PE firm Frazier HealthCare Partners acquires RevSpring from GTCR
Ransomware attackers claim they sold Lurie Children's Hospital data for $3.4 million on dark web