Cyber Incident Victim: QRS Healthcare Solutions
Date: Aug 2021
Location: United States of America
Summary
A healthcare technology services company experienced a breach in which an attacker compromised a patient portal and exfiltrated files containing sensitive patient information, including names, addresses, Social Security numbers, patient IDs, usernames, and medical treatment details. The intrusion was detected within three days and affected 319,788 individuals according to regulatory filings. A ransomware group later claimed responsibility, and a separate client reported an additional 6,027 affected patients. The incident was isolated to the compromised portal and did not involve other systems operated by the vendor or its clients.
Description
On August 26, 2021, healthcare technology services provider QRS, Inc. discovered that an attacker had compromised a patient portal associated with one of its clients. The unauthorized access led to the exfiltration of files from the client’s server. QRS detected the breach within three days of the initial attack. The compromised data potentially included patients’ names, addresses, dates of birth, Social Security numbers, patient identification numbers, portal usernames, and medical treatment or diagnosis information. The company confirmed the incident was isolated to the specific client’s portal and did not affect other QRS systems or any other client environments. QRS filed a notification with the U.S. Department of Health and Human Services (HHS), reporting the breach as impacting 319,788 individuals.

On November 30, 2021, the Snatch ransomware group claimed responsibility for the attack on its dedicated leak site, though QRS did not publicly confirm this attribution. Separately, Gregory Brewer, MD PLLC—a client potentially linked to the compromised portal—reported the incident as affecting 6,027 of its patients. It remains unclear whether this figure was included in QRS’s original HHS report. No additional technical details about the attack vector, containment measures, or forensic findings were disclosed in the source material. The breach exposed sensitive protected health information but did not disrupt broader operations across QRS’s infrastructure or its other clients.
