KNOXVILLE, Tenn. (WATE) — A Knoxville-based medical data company is facing a class action lawsuit after a hacker gained access to medical records and information for 319,778 people this past August.
The lawsuit filed Jan. 3 accuses, Quality Rep Services, Inc. (QRS) a health care technology services vendor in Hardin Valley, of failing to “reasonable secure, monitor, and maintain” the private health information and personally identifiable information stored on its electronic portal for health care provider clients.
The lawsuit says an “unknown number” of current and former patients were affected.
A Kentucky resident filed the lawsuit after he says his “Sensitive Information was exfiltrated and stolen during the Data Breach.” The lawsuit claims QRS “failed” to implement measures that would have prevented and detected ransomware attacks.
On Aug. 26, QRS discovered a hacker had gained access three days earlier to a server containing personal information of clients. The company immediately took the server offline and contacted law enforcement. A notice to clients posted on the QRS website said the hacker “may have acquired” personal information.
Data that may have been collected in the breach includes names, birth dates, addresses, Social Security numbers, portal usernames, medical treatment and diagnosis information, and patient identification numbers.
The lawsuit aims to make QRS strengthen its data security systems and monitoring procedures, submit to future annual audits of those systems and procedures, provide “adequate” credit monitoring for those who join the lawsuit, and seeks monetary compensation for damages and attorney fees in a trial held before a jury.
“QRS deeply regrets any concern or inconvenience this incident may cause,” the company said in a post on their website. “QRS deeply regrets any concern or inconvenience this incident may cause. QRS is taking steps to investigate the attack and assess and address the risk of a similar incident occurring in the future.”
The company urges anyone who may have been affected to keep an eye on their account statements and credit report and report discrepancies immediately.
If you are a customer of QRS and would like more information, call 855-675-3080 from 9 a.m. to 9 p.m. Eastern time, Monday through Friday. Learn more about avoiding identity theft with these tips provided by the Federal Trade Commission on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft.