EHR vendor breach impacts 320k patients

Featured image

Share this article

EHR vendor breach impacts 320k patients - Paubox

QRS, an electronic health record (EHR) vendor based in Tennessee, has reported the detection of a portal data breach that exposed the private information of nearly 320,000 individuals.

Keep reading to learn more about the incident and how HIPAA compliant email can help you steer clear of future threats.

What happened?

QRS first discovered that a hacker had gained access to one of their dedicated patient portal servers on August 26. Upon learning of the attack, QRS immediately took the server offline and alerted law enforcement. The company also worked with a forensic firm to verify the security of its network, evaluate the breach, and determine the full scope.

The investigation found that the attacker accessed the portal from August 23 to August 26 and potentially acquired files with patients’ personal and protected health information (PHI) during that period. The breached data may have included individuals’ names, birth dates, addresses, portal logins, medical treatment details, and Social Security numbers.

How is QRS responding to the attack? 

QRS distributed written letters to all known contacts whose personally identifiable information (PII) was accessed by the attacker and coordinated complimentary identity theft protection services for patients who had their Social Security numbers exposed. A confidential inquiry line has also been provided which potentially affected individuals can call for additional information.

Although the company has not confirmed any identity theft or fraud in connection to the event, individuals are advised to carefully review account statements and credit reports as a precautionary measure. According to the notice, “QRS is taking steps to assess and address the risk of a similar incident occurring in the future.”

Best practices to minimize your risk 

This incident serves as an important reminder for healthcare organizations to evaluate their existing systems and proactively close security gaps. Some strategies include conducting regular audits and vulnerability scans, implementing role-based access controls, replacing outdated systems, and investing in cybersecurity training for staff.

The QRS breach also highlights that patient portals aren’t always as secure as they seem. While they may give off the appearance of extra privacy, these tools don’t guarantee more protection than other encryption methods and credentials can still be compromised. In fact, the recent rapid adoption of this technology has made patient portals a key target for cyberattacks. That’s why covered entities should turn to HIPAA compliant email for a safer way to keep patients engaged while protecting PHI.

Built to conveniently integrate with your current email platform such as Google Workspace or Microsoft 365, Paubox Email Suite sends HIPAA compliant email by default and automatically encrypts every outbound message. This means you don’t have to spend time choosing which emails to encrypt and your patients are able to receive your emails directly in their inbox without having to navigate any separate portals or passwords.

Paubox Email Suite’s Plus and Premium plan levels also include advanced inbound email security tools for further protection. Our patent-pending Zero Trust Email feature leverages email AI to confirm an email’s legitimacy, while ExecProtect quickly intercepts display name spoofing attempts.

Try Paubox Email Suite Plus for FREE today.
Author Photo

About the author

Sara Uzer

dolor sit amet, consectetur adipiscing elit. Pellentesque sit amet ullamcorper urna. Proin eget metus blandit, volutpat ex et, convallis ligula. Fusce eget pellentesque felis, a scelerisque eros. Duis in tortor dapibus, fringilla lacus eget, bibendum mi. Nunc eleifend, diam et tempor tincidunt.

Read more by Sara Uzer

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022