Healthcare Providers Still Paralyzed Following Allscripts Ransomware Attack
Allscripts, one of the larger electronic health records (EHR) vendors in the U.S., is continuing to grapple with a ransomware attack.
For the seventh straight day on Wednesday healthcare providers across the country continued to wrestle with the repercussions of a ransomware attack that hit the electronic health record (EHR) company Allscripts last week.
The company, which is headquartered in Chicago, maintains electronic health record systems (EHR) for physician practices, hospitals, and healthcare systems around the world.
Practices across the U.S. have been crippled this week, much to the frustration of clinicians. Major hospitals and large independent physician practices, along with along with clinics elsewhere in the world, have been spared according to reports.
The incident began after two data centers in Raleigh and Charlotte, N.C were hit by of ransomware last Thursday. The attack took down the company’s Professional EHR services along with the system it runs to allow the electronic prescribing of controlled substances. Some AllScripts users reported having difficulty accessing some of the company’s tools – InfoButton, regulatory reporting, clinical decision support, direct messaging and Payerpath – last week as well.
The company has been fairly mum about the incident, at least externally, but it did say in a statement released to publications on Tuesday that 1,500 customers were affected and that SamSam, a strain of ransomware that's been synonymous with hospital and healthcare ransomware attacks since 2016, was the culprit.
“Of the roughly 1,500 clients impacted, none were hospitals or large independent physician practices, and services to many already have been restored. Importantly, there is no evidence that any data was removed from our systems,” the company said. “We continue to work unceasingly to restore all services to our clients who are still experiencing outages.”
SamSam was the same strain of ransomware that encrypted files at Hancock Health, a regional hospital in Indiana, just outside Indianapolis, earlier this month. Officials at the facility paid a whopping $55,000 to restore the files after three days of using pen and paper in lieu of computers.
The attack appears to have only affected roughly three percent of the practices that use Allscripts. On its site the service says it's used by 45,000 physician practices with 180,000 doctors, 2,500 hospitals and 19,000 post-acute care providers.
While Allscripts said this week that it had managed to restore some users systems this week, that was clearly not the case for many.
Judging from Twitter, the service has been hit or miss for users since last week.
Some users complained that they’ve been unable to login to their cloud-based Allscripts EHR Pro accounts. Other doctors tweeted they’ve been forced to cancel patient appointments, pay staff overtime, and still have little to no access to patient records.
Gary Greenberg, MD., of Open Door Clinic, Urban Ministries of Wake County, said early Wednesday his clinic regained some access to Allscripts overnight but lost it by the time morning had arrived.
Our clinic's access & operability for cloud-based #Allscripts resumed overnight, but !gone this AM. Not much basis for confidence. Wonder when we should retro data-catch-up?
— Gary Greenberg (@GGreenberg) January 24, 2018
Other Allscripts users complained experiencing similar downtime.
Up briefly yesterday, down again today. Still zero access to patient data. #allscripts
— Michelle Stodden (@michellestodden) January 24, 2018
The outage forced Pulmonary Physicians Inc., a practice in Canton, Ohio, to turn patients away this week. Dr. George Kefalas, who specializes in pulmonary medicine and pulmonary critical care, told a local ABC affiliate this week his staff has been unable to access medical records for their 8,500 patients. Without that data, Kefalas said the practice had no choice but to shutter.
It's unclear exactly when Allscripts will have its systems completely back to normal. The company did not respond to multiple requests for comment on Wednesday.