Malware attack leaves 1,500 customers without access to cloud-based EHRs, other systems.
Ransomware hits Allscripts; Apple updates Health Record app; industry groups aim to streamline prior authorization process.
Acyberattack employing ransomware in mid-January crippled cloud-based services provided by Allscripts, one of the nation’s largest electronic health records vendors. The Chicago-based company said services to 1,500 healthcare organizations—primarily small physician group practices—were interrupted for several days. It reported that all services were fully restored to all customers on January 26. Customers vented their anger on social media, and one class action lawsuit already has been filed against the company. Allscripts’ problems began January 18 when a variant of the SamSam malware affected two data centers hosting its Pro EHR system and the electronic prescribing of controlled substances software. In communications with customers the next day, Allscripts said it was attempting to “restore both the directly affected services—hosted Pro EHR and hosted EPCS—and the other unaffected services that we proactively shut down to protect clients and client data.” Northwell Health, a 22-hospital delivery system in New York, was affected by the Allscripts breach, although a company spokesman contends the impact on the organization was minimal. “When we learned of the attack, we disconnected from data centers as a precautionary measure,” he says. “We lost e-prescribing for controlled substances, but other systems were secure and never at risk.” During the outage, the New York American College of Emergency Physicians advised its 2,300 members they were allowed to use “paper official prescriptions” until services are restored. Legal action against Allscripts began almost as soon as the attack was fully resolved. Surfside Non-Surgical Orthopedics in Boynton Beach, Fla., filed a class action complaint, charging Allscripts with failing to secure its systems and data from cyberattacks, preventing clients from conducting routine and ordinary business.