QRS, a health IT and EHR software company, recently began notifying its provider clients of a cyberattack on a patient portal server that exposed almost 320,000 patients' personal information.
QRS reported the breach to HHS on Oct. 22 as affecting 319,778 individuals. The EHR vendor said a hacker accessed one of its dedicated patient portal servers between Aug. 23-26, according to its online data security incident notice.
The hacker accessed, and may have acquired, files on the server containing patients' information, the company said. This information included patients' names, Social Security numbers, addresses, birthdates, patient ID numbers and diagnosis details.
The attack did not involve any other QRS systems or systems belonging to any of the company's healthcare clients, and QRS is providing free identity theft protection services for any individuals whose Social Security numbers were involved in the incident.