A federal judge tossed out a class-action lawsuit against EHR vendor Allscripts on June 4 over a ransomware attack that left several of its hospital clients unable to access their EHRs last year, Law360 reports.
The judge ruled that the lawsuit was directed toward the wrong entity, Allscripts Healthcare Solutions Inc., which serves as the parent company of Allscripts Healthcare Solutions LLC. According to the judge, Allscripts' LLC is responsible for the company's cybersecurity and privacy measures, not the parent company.
Surfside Non-Surgical Orthopedics in Boynton Beach, Fla., filed the class-action lawsuit against Allscripts in January 2018, shortly after the EHR vendor was hit with ransomware as part of the SamSam cyberattack earlier that month. The SamSam ransomware infiltrated Allscripts' data centers in Raleigh and Charlotte, N.C., which left almost 1,500 of its clients without access to their EHRs. Some customers regained EHR access hours after the attack, while others were still unable to access electronic patient data one-week post-attack.
The lawsuit sought class-action status for Allscripts customers that were affected by the EHR downtime after the attack. Additionally, the plaintiffs were also pursuing damages related to disruption of business and lost revenue.
Editor's note: Becker's Hospital Review reached out to Allscripts for comment and will update the report as more information becomes available.