Over 1650 Total Lots Up For Auction at Five Locations - NJ Cleansweep 05/07, NJ Cleansweep 05/08, CA 05/09, CO 05/12, PA 05/15

Spanish SpanishFrench FrenchPortuguese Portuguese

EHR vendor QRS sued over breach to patient portal server

by John R. Fischer, Senior Reporter | January 14, 2022
Cyber Security Health IT
Share

It is requesting that QRS be forced to implement and maintain an information security system to protect the confidentiality and integrity of the plaintiff’s and others’ information. It also wants QRS to use independent third-party security auditors, penetration testers and internal security personnel to conduct simulated attacks, penetration tests and audits of its systems periodically, and for QRS to “promptly correct” any problems or issues detected by third-party security auditors. Additionally, it asks that the court prevent the company from maintaining the PII and PHI information on a cloud-based database.

In the past year and a half, 82% of healthcare providers have experienced some form of an IoT cyberattack, according to a report by data security firm Medigate and cloud-based protection provider CrowdStrike. Of these, 34% were hit with ransomware and of this group, 33% paid the ransom, but only 69% reported a full restoration of their data.

stats
DOTmed text ad

Your Trusted Source for Sony Medical Displays, Printers & More!

Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.

stats

The findings indicate that healthcare delivery organizations are in need of more basic defense, including cyber insurance considerations, firewalling, and NAC enforcement products.

Scripps Health was hit with a malware attack in late April that led it to shut down its patient portals and email servers for most of the month. The attack led to a lawsuit that claimed the attack potentially created "a lifetime risk of identity theft” for nearly 150,000 patients.

A combination of mid-year revenue lost, and incremental expenses incurred from its response to the attack ended up costing the company almost $113 million.

For this current case, regulatory attorney Paul Hales of the Hales Law Group told GovInfoSecurity that the plaintiff must allege that they endured harm due to the breach. "The sole plaintiff in this case claims to have suffered specific examples of actual identity theft resulting from the QRS data breach. We have yet to hear from other potential class members."

QRS and Tincher’s attorney did not respond to Gov Info Security’s requests for comment.

Back to HCB News
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

classifieds

Health IT Homepage

Sun Nuclear acquires AI software firm Oncospace to bolster radiation oncology tools
Scriptor Software separates transcription from reporting with rScriptor platform
Groundbreaking new $2 Billion pediatric hospital deploys Vizzia advanced RTLS
Are you ready for the upcoming SIIM meeting?
Konica Minolta updates Exa platform with built-in 3D imaging and expanded integration tools
Unlocking healthcare data's full potential
Healthcare ecosystem collaboration is key to a healthy revenue cycle
Tackling financial pressures: Why home-based care providers are outsourcing RCM
Perspectum software reduces MR costs, biopsies in liver disease diagnosis
How to approach eCOA platforms to ensure success