Allscripts recovering from ransomware attack that has kept key tools offline

Jan. 22, 2018

Allscripts, the electronic health record (EHR) company headquartered in Chicago, IL, said it was still working to recover from a ransomware attack that left several applications offline after data centers in Raleigh and Charlotte, NC, were infected on Jan. 18.

In a conference call for customers on Jan. 21, Allscripts’ Jeremy Maxwell, director of information security, said their PRO EHR and Electronic Prescriptions for Controlled Substances (EPCS) services were the hardest hit by the ransomware attack.

Other services, such as direct messaging and some CCDA functionality, had availability issues as well, but those have since been restored.

EPCS has also been restored (as of Jan. 20), and the company is working on getting PRO EHR back online.

Allscripts also told providers to prepare for outages to continue through Jan. 22 as the company recovers. The recovery is focused on getting data restored via backups and alternative access methods.

“We are working around the clock to get everybody up and running by [Monday morning]. However, in terms of planning—in an abundance of caution—it would be advisable to plan for a continued outage through Monday,” said Robyn Eckerling, Chief Privacy and Security Counsel at Allscripts.

The ransomware attack started on Thursday, Jan. 18 at around 02:00 a.m. EST, and by 06:00 a.m. EST it was a full-blown ransomware incident, which required that incident response teams from Microsoft and Cisco be called in to assist.

Backup systems were not impacted by the ransomware, thus enabling Allscripts to restore systems one-by-one from backup. Full backups are made on Friday, and incremental backups are done nightly at 10:00 p.m. EST. So as the systems are restored, the expectation is that there will be minimal—if any—data loss.

The variant of SamSam that infected Allscripts was a new variant unrelated to the version of SamSam that infected systems at Hancock Health Hospital in Greenfield, Indiana and Adams Memorial Hospital in Decatur, Indiana. This data was confirmed by the Microsoft and Cisco teams, as well as the FBI.

Allscripts said that by all appearances this was commodity malware and that the company wasn’t directly targeted.

CSO has the full article
