- Politics
- Diversity, equity and inclusion
- Financial Decision Making
- Telehealth
- Patient Experience
- Leadership
- Point of Care Tools
- Product Solutions
- Management
- Technology
- Healthcare Transformation
- Data + Technology
- Safer Hospitals
- Business
- Providers in Practice
- Mergers and Acquisitions
- AI & Data Analytics
- Cybersecurity
- Interoperability & EHRs
- Medical Devices
- Pop Health Tech
- Precision Medicine
- Virtual Care
- Health equity
Allscripts Says Ransomware Attack Affected 1500 Clients
“None were hospitals or large independent physician practices,” a company spokesperson said.
(Screenshot of SamSam ransomware message.)
Allscripts, one of the largest the electronic health records (EHR) vendors in the country, said that 1,500 of its clients were impacted by a ransomware attack discovered last week.
In a statement issued to Healthcare Analytics News™, the company confirmed that the attack was discovered early in the morning on January 18th. It impacted 2 of its data centers “which house a small subset of [its] products," and the company immediately notified the FBI.
According to the statement, none of the roughly 1,500 clients “were hospitals or large independent physician practices,” although it did not clarify what was meant by the latter term.
Doctors and staff from small practices have berated the company on Twitter, however, claiming the outages have forced them to revert to using paper records and, in some cases, cancel appointments. Allscripts says its EHR services are used by about 45,000 physician practices in total.
In the statement, spokesperson Concetta Rasiarmos confirmed that the virus is believed to be a new variant of the SamSam malware that has been used to compromise hospitals over the past year. Although SamSam is manually installed by bad actors, the company reportedly claimed in a call that it did not believe it was directly targeted.
“They were most likely looking for very specific vulnerabilities and Allscripts was a match,” GreyCastle Security’s practice manager of incident response Adam Dean told Healthcare Analytics News™. “So it wasn’t targeted and it was targeted at the same time.”
“It does require an attacker and manual intervention,” Dean said. “They had the keys to the kingdom.”
Luckily, ransomware attacks don’t often result in the theft of data. Allscripts said that it did not appear that any data had been removed from their systems, and Dean said that despite interruptions to service, information is likely just encrypted rather than compromised.
The company is continuing to assist the FBI in their investigation, and it said in the statement that it would “continue to work unceasingly to restore all services to our clients who are still experiencing outages.”
“I see people mentioning [it’s a] ‘limited’ issue and [they're] ‘recovering,’” a physician whose practice was impacted told Healthcare Analytics News™. “But I have talked to dozens of physicians all over the country who have not had access to their patients' charts or vital information for 5 days, and they are frustrated.”
Related Coverage:
The Ransomware Ravaging Allscripts Is Precise and Potentially Devastating
For Hospitals, the Ransomware Threat is Heare to Stay
Lessons from a Hospital Ransomware Attack
Cybersecurity panel: How hospitals can protect their patients and their systems
November 18th 2024Chief Healthcare Executive® presents the final installment in our series, with experts from HIMSS, the American Hospital Association, and Providence. In this episode, our panel offers advice on how health systems can improve.
Cybersecurity panel: The scope of recent ransomware attacks in healthcare
October 28th 2024Chief Healthcare Executive hosted a discussion on cybersecurity with leading experts from the American Hospital Association, HIMSS and the Providence health system. They talked about the growing problem of cyberattacks.
