KNOXVILLE, Tenn. (WATE) – A Knoxville-based medical records company is facing a class action lawsuit after a hacker gained access to medical records and information of 319,778 people last August.
The lawsuit, filed Jan. 3, alleges that Quality Rep Services, Inc. (QRS), a provider of health technology services in the Hardin Valley, failed to “adequately secure, monitor and maintain” the private health information and personally identifiable information stored on it. Electronic portal for customers of healthcare providers.
The lawsuit says an “unknown number” of current and former patients were affected.
A Kentucky resident filed the lawsuit after saying his “sensitive information was exfiltrated and stolen during the data hiatus.” The lawsuit alleges that QRS “failed” to implement measures that prevented and detected ransomware attacks.
Pellissippi State ransomware attack frustrates students
On August 26, QRS discovered that a hacker had gained access to a server containing customers’ personal information three days earlier. The company immediately took the server offline and contacted law enforcement. A notice to customers posted on the QRS website said the hacker “may have obtained” personal information.
Among the data that may have been collected in the violation, including names, dates of birth, addresses, social security numbers, portal user name, information about medical treatment and diagnosis and patient identification numbers.
READ: More top stories on WATE.com
The lawsuit seeks to get QRS to strengthen its data security systems and monitoring procedures, to undergo future annual audits of those systems and procedures, to provide “adequate” credit monitoring to those who join the lawsuit, and to seek monetary compensation for those who join the lawsuit Damages and attorney fees in a trial before a jury.
“QRS deeply regrets any concern or inconvenience this incident may cause,” the company said in a post on its website. “QRS deeply regrets any concern or inconvenience this incident may cause. QRS is taking steps to investigate the attack and to assess and address the risk of a similar incident occurring in the future.”
The company encourages anyone affected to keep an eye on their bank statements and credit reports and to report any discrepancies immediately.
If you are a QRS customer and would like more information, call 855-675-3080 Monday through Friday, 9 a.m. to 9 p.m. Eastern Time. Learn more about avoiding identity theft with these tips from the Federal Trade Commission on fraud alerts, security/credit stops, and steps to take to avoid identity theft.
Suggest a correction
Suggest a correction