Allscripts Says Ransomware Attack Affected 1500 Clients

(Screenshot of SamSam ransomware message.)

Allscripts, one of the largest the electronic health records (EHR) vendors in the country, said that 1,500 of its clients were impacted by a ransomware attack discovered last week.

In a statement issued to Healthcare Analytics News™, the company confirmed that the attack was discovered early in the morning on January 18^th. It impacted 2 of its data centers “which house a small subset of [its] products," and the company immediately notified the FBI.

According to the statement, none of the roughly 1,500 clients “were hospitals or large independent physician practices,” although it did not clarify what was meant by the latter term.

Doctors and staff from small practices have berated the company on Twitter, however, claiming the outages have forced them to revert to using paper records and, in some cases, cancel appointments. Allscripts says its EHR services are used by about 45,000 physician practices in total.

In the statement, spokesperson Concetta Rasiarmos confirmed that the virus is believed to be a new variant of the SamSam malware that has been used to compromise hospitals over the past year. Although SamSam is manually installed by bad actors, the company reportedly claimed in a call that it did not believe it was directly targeted.

“They were most likely looking for very specific vulnerabilities and Allscripts was a match,” GreyCastle Security’s practice manager of incident response Adam Dean told Healthcare Analytics News™. “So it wasn’t targeted and it was targeted at the same time.”

“It does require an attacker and manual intervention,” Dean said. “They had the keys to the kingdom.”

Luckily, ransomware attacks don’t often result in the theft of data. Allscripts said that it did not appear that any data had been removed from their systems, and Dean said that despite interruptions to service, information is likely just encrypted rather than compromised.

The company is continuing to assist the FBI in their investigation, and it said in the statement that it would “continue to work unceasingly to restore all services to our clients who are still experiencing outages.”

“I see people mentioning [it’s a] ‘limited’ issue and [they're] ‘recovering,’” a physician whose practice was impacted told Healthcare Analytics News™. “But I have talked to dozens of physicians all over the country who have not had access to their patients' charts or vital information for 5 days, and they are frustrated.”

Related Coverage:

The Ransomware Ravaging Allscripts Is Precise and Potentially Devastating

For Hospitals, the Ransomware Threat is Heare to Stay

Lessons from a Hospital Ransomware Attack