Allscripts faces class-action lawsuit after SamSam attack

Allscripts clients had a tough time operating this week after the EHR vendor was hit with ransomware nearly eight days ago, and now one of those users is seeking damages for itself and others, according to court documents.

Surfside Non-Surgical Orthopedics in Boynton Beach, Fla., filed a class-action lawsuit against the Chicago-based EHR company Thursday.

They claim Allscripts failed "to secure its systems and data from cyberattacks, including ransomware attacks," the complaint reads. The lawsuit further alleges Allscripts' EHR and electronic prescription system outages resulted in canceled appointments, "significant business interruption and disruption, and lost revenues."

Becker's Hospital Review reached out to Allscripts, but company spokeswoman Concetta Rasiarmos declined to comment because the company does not discuss pending litigation.

A variant of SamSam ransomware infiltrated Allscripts' data centers in Raleigh and Charlotte, N.C., in the early morning hours of Jan. 18. The company said only a limited number of applications had been affected, but later explained nearly 1,500 clients were without the EHR for hours or even days — one week after the attack, some were still unable to access electronic patient data.

Ms. Rasiarmos also did not address questions seeking additional details on the company's ransomware recovery efforts.

The suit seeks class-action status for all Allscripts customers who were affected by downtime following the attack. The plaintiffs are pursuing damages related to lost revenue and disruption of business. They are also requesting injunctive relief to ensure Allscripts prevents these types of attacks from happening again.

Becker's Hospital Review has reached out to Morgan & Morgan Complex Litigation Group, which helped file the suit on behalf of Surfside, for comment. This story will be updated as more information becomes available. 

More articles on cybersecurity:

A new natural language processing system can define EHR 'jargon': 5 things to know
VA partners with CMS to detect medical claims fraud, abuse with data analytics
Johns Hopkins, Medopad collaborate on predictive analytics, population health monitoring

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months