Allscripts Ransomware Attack a Reminder of Cloud Risks

A ransomware attack on electronic health records vendor Allscripts late last week or two is a reminder of the potential disruption to patient care delivery healthcare entities can face if a cloud-services provider suffers a cyberattack.

In a Friday statement, Allscripts said a ransomware incident impacted "a limited number" of applications and that the company was working to restore these systems, "and most importantly, to ensure our clients' data is protected. Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage."

As of Monday, some services appeared to be back in operation, but not all.

Allscripts in a conference call for customers on Saturday said its Professional EHR and Electronic Prescriptions for Controlled Substances cloud-based services were the hardest hit by the ransomware attack, according to news site CSO Online. Other services, such as direct messaging, had availability issues as well, but those had been restored more quickly, according to that report.

In a Monday statement provided to Information Security Media Group, Allscripts says that on early morning Thursday, the company discovered a ransomware attack had affected two of its data centers, which house a small subset of our products.

"The ransomware has since been identified as a new variant of the SamSam malware. Of the roughly 1,500 clients impacted, none were hospitals or large independent physician practices, and services to many already have been restored," the company says. "In addition, we immediately notified the FBI and have been providing information to assist with their investigation. Importantly, there is no evidence that any data was removed from our systems. We continue to work unceasingly to restore all services to our clients who are still experiencing outages."

A Friday statement by NY American College of Emergency Physicians says that New York's Department of Health was aware that a cyber incident involving AllScripts that disrupted the company's e-prescribing application for controlled substances.

"This may have an impact on the ability for hospitals, clinics, nursing homes, individual prescribers and pharmacies to transmit and receive prescriptions electronically. It is permissible for those impacted to use paper official prescriptions in accordance with New York State regulations," the DOH statement says.

Only Some Services Restored

Some healthcare entities that had their access to certain Allscripts services disrupted said those services had been restored.

For example, in a statement provided Monday to ISMG, New York-based Northwell Health says the healthcare system "disconnected from Allscripts data centers strictly as a precautionary measure" after Allscripts notified the organization on Thursday that the vendor was impacted by a ransomware attack.

"Northwell moved quickly to avoid the potential for complications and Allscripts does not believe any data from its system was removed," Northwell says in the statement. "The electronic prescribing of controlled substances was the only electronic medical record that was unavailable to providers at Northwell Health's facilities - we have 23 hospitals and about 660 ambulatory locations. Northwell systems are secure and were never at risk. Northwell resumed normal operations over the weekend" using Allscripts' services, Northwell says.

Meanwhile, a spokeswoman at Clark Memorial Hospital in Jeffersonville, Ind., says the Allscripts outage had minimal impact late last week, and the disruption has been resolved.

That disruption included some patient education material not being accessible and the hospital being unable to send out test result feeds to primary care doctors. "The outage was at the end of last week, so thankfully, there wasn't a lot of disruption" since many doctor's offices are closed during the weekend anyway, she says.

But other organizations complained on twitter late last week, and were quoted in other news reports, that they had lost access to their cloud-based electronic health records systems and had to revert to paper records. And it remained unclear Monday how many of the affected entities had service completely restored.

Allscripts has not yet revealed how many of its cloud-based EHR customers had been affected. According to the company's website, Allscripts' services are used by 45,000 physician practices, 180,000 physicians, 2,500 hospitals and 40,000 in-home clinicians.

______

1. What planning do you think should have been done to avoid this

2. What risks do you see