No other QRS systems nor those of its clients were affected. The compromised server contained files that included PHI such as names, addresses, dates of birth, Social Security numbers, patient identification numbers, portal usernames, and medical treatment and diagnosis information..