Allscripts Hit With Lawsuit After Ransomware Attack

Allscripts, one of the nation’s largest electronic health records (EHR) vendors, is facing a class-action lawsuit after a SamSam ransomware attack battered the company, disrupting services for roughly 1,500 clients, Healthcare Analytics News™ has learned.

Attorney John Yanchunis said he filed the suit on behalf of a Florida-based orthopedic group yesterday in United States District Court for the Northern District of Illinois. The suit seeks class-action status for all Allscripts customers who were affected by downtime following the attack, which occurred last week and allegedly interrupted tasks like billing, doctor appointment scheduling, and EHR use.

“Practices were shut down, many of them for as many as 8 days,” Yanchunis told HCA when reached by phone this morning. “This was a major disruption for physicians.”

The complaint seeks injunctive relief to ensure that Allscripts prevents such a situation from taking place again, he said. He is also pursuing damages related to a loss of revenue and the disruption of business—for his client and any other affected healthcare organization.

Some medical practices couldn’t access their digital scheduling platforms, meaning they could not contact patients to remind them of upcoming appointments, which resulted in no-shows, Yanchunis said. When patients showed up, some physicians couldn’t retrieve their electronic medical records, forcing them to spend more time with a given patient to determine medication histories and more, he said. In some cases, doctors had to call pharmacies to find out which drugs they had prescribed a patient, he added.

Certain health plans, like Medicare and Medicaid, require EHR documentation, Yanchunis said. Healthcare organizations recorded information in hand-written records, which they will need to translate to EHR for billing purposes, a time-intensive task, he said.

Further, during the downtime, some practices could not process billing, the attorney noted.

Ultimately, the incident led to lost income and business for affected Allscripts clients, he claimed.

A media relations representative for Allscripts did not immediately respond to a request for comment.

Physician sources, meanwhile, have made vocal their unhappiness with the ransomware attack and its effects on their practices. Some have filed complaints with the Office of the National Coordinator for Health Information Technology. Others have supported the filing of the class-action lawsuit.

“We keep getting pushed around and we just accept it,” one clinician wrote. “Enough is enough.”

HCA is working on getting a copy of the complaint. Stay tuned for more coverage today.

Update: Allscripts says it has restored services to all clients as of 1:17 p.m. Jan. 26. Read more here.