Allscripts recovers after ransomware attack, outages still possible through Monday: 10 things to know

The Chicago-based EHR vendor Allscripts has been recovering since Thursday from a ransomware attack that took down several applications hosted in data centers in Raleigh and Charlotte, N.C., according to CSO Online.

Some clients were still offline Sunday, according to the Politico Morning eHealth newsletter.

Here are 10 things to know.

1. Between 2 a.m. and 6 a.m. on Jan. 18, Allscripts was struck by ransomware, affecting applications hosted in its data centers located in Raleigh and Charlotte.

2. At the time of the attack, a company spokeswoman told Becker's Hospital Review a "limited number" of its applications were affected. At that time, its Professional EHR and Electronic Prescriptions for Controlled Substances services were unavailable, and other unaffected applications were proactively shut down to protect clients and client data, according to Politico.

3. The vulnerability that was exploited wasn't within an Allscripts application, so self-hosted customers are not at risk, according to HIStalk.

4. In a conference call for customers Saturday, Jeremy Maxwell, director of information security at Allscripts, said the company's PRO EHR and EPCS services were hit hardest by the attack, according to CSO Online.

5. As of Saturday, EPCS had been restored. Other services — such as direct messaging and some consolidated clinical document architecture functionality — still had availability issues but were later restored. The company's IT team is still working to get its Professional EHR back online.

6. On Sunday, Allscripts told providers to prepare for outages continuing through Monday. The company is still working to restore its data via backups and alternative access methods. Backup systems were not affected by the ransomware.

7. Allscripts said the ransomware was a variant of SamSam unrelated to the version that infected Greenfield, Ind.-based Hancock Health and Decatur, Ind.-based Adams Health Network earlier that week, HIStalk reports.

8. The ransomware appeared to be commodity malware, meaning Allscripts wasn't directly targeted, the company said on the conference call.

9. The malware doesn't spread as a worm or via virtual private network, so client computers will not be affected, HIStalk reports.

10. Allscripts hasn't said how many were affected or whether it paid ransom. And while the company has no evidence any client data was removed from its systems, Allscripts will let customers know what — if any — HIPAA breach reporting is required.

Becker's Hospital Review has reached out to Allscripts for comment. This story will be updated as more information becomes available.

© Copyright ASC COMMUNICATIONS 2018.