Allscripts still working to rebound after ransomware attack (Updated)

Last week, Chicago-based Allscripts was affected by a ransomware attack that took its cloud-based EHR and some e-prescribing capabilities offline. The vendor said to expect continued outages Monday.

This article has been updated with additional information and a statement from Allscripts.

The healthcare cybersecurity woes of 2017 seem to be just as prevalent in 2018.

On January 18, Allscripts was hit with a ransomware attack.

The news was first reported by HIStalk, which noted that the attack took down applications hosted in the vendor’s Raleigh and Charlotte, North Carolina data centers. The Allscripts Professional EHR and some e-prescribing system capabilities were affected.

In a statement sent to HIStalk, Allscripts said:

We are investigating a ransomware incident that has impacted a limited number of our applications. We are working diligently to restore these systems, and most importantly, to ensure our clients’ data is protected. Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage.

The attack is said to have involved a strain of SamSam malware. In a conference call on Sunday, the Chicago-based vendor said providers should prepare for outages to continue through Monday, according to CSO.

Over the past few days and into Monday morning, healthcare professionals across the country have voiced their frustration with the situation on social media.

The company, which serves 180,000 physicians and 2,500 hospitals, did not initially say how many customers were affected or whether it paid any ransom, according to Politico.

In a statement sent on the evening of January 22, Allscripts discussed the number of impacted clients.

The full statement reads:

On early Thursday morning, January 18, we discovered a ransomware attack had affected two of our data centers, which house a small subset of our products. The ransomware has since been identified as a new variant of the SamSam malware. Of the roughly 1,500 clients impacted, none were hospitals or large independent physician practices, and services to many already have been restored. In addition, we immediately notified the FBI and have been providing information to assist with their investigation. Importantly, there is no evidence that any data was removed from our systems. We continue to work unceasingly to restore all services to our clients who are still experiencing outages.