After a breach exposed the Data of 319,778 people, an electronic health record company was sued this week. QRS, Inc., a Tennessee-based provider of EHR and practise management software, began notifying individuals of the issue in October. QRS failed to keep protected health information and personally identifiable information on its patient portal secure, monitored, and maintained in a reasonable manner.
Plaintiff and approximately 319,000 current and former patients of healthcare providers who used QRS’ services suffered current injury and damages in the form of identity theft, loss of value of their Sensitive Information, out-of-pocket expenses, and the value of their time reasonably incurred to remedy or mitigate the effects of unauthorised access, exfiltration, and subsequent criminal misuse of their sensitive and highly personal information.
Tincher claims he was the victim of identity theft shortly after the Data leak, with more than 10 unauthorised charges on his bank account and credit card. He accused QRS of neglecting to execute threat intelligence specialists’ and federal agencies’ recommendations for preventing and detecting cyber threats. Tincher is seeking damages as well as an injunction against QRS from storing his and the other class members’ information on a cloud-based Data base, among other things.