Healthcare Informatics Magazine

Allscripts Ransomware Update: Outages Expected through Monday

January 22, 2018
by Rajiv Leventhal

In an update to a report from Friday, Jan. 19: Chicago-based Allscripts, one of the most prevalent EHR (electronic health record) vendors in the world, is still working to restore some of its IT systems following a ransomware attack last week.

As conveyed on Friday, Allscripts acknowledged that it has been investigating a ransomware incident that impacted a “limited number of its applications” hosted at the company’s data centers in Raleigh and Charlotte, North Carolina.

According to a report this weekend from security news site CSO Online, Allscripts’ director of information security said in a conference call that the company’s Professional EHR platform and its e-prescribing systems were hit the hardest by the attack, but they weren’t the only services that were impacted. The report stated that the vendor’s “direct messaging and some CCDA [Consolidated Clinical Document Architecture] functionality” had availability issues as well, but those services have since been restored. The conference call, which took place on Saturday, also revealed that Allscripts’ e-prescribing services had been restored while IT folks were working to get the Pro EHR platform back up.

Nonetheless, outages are expected to continue throughout the day on Monday, while the company’s recovery strategy “is focused on getting data restored via backups and alternative access methods,” according to the report.

The ransomware attack, which struck in the very early morning on Jan. 18, required that incident response teams from Microsoft and Cisco be called in to help. Backup systems were not affected by the incident, according to Allscripts, which said that minimal, if any, data loss is to be expected as the systems get back online.

Interestingly, the type of ransomware used in the attack—SamSam ransomware—was the same one used in an attack on Hancock Health, a health system based in Greenfield, Indiana, earlier this month. As Healthcare Informatics reported at the time of that incident, health system officials shut down the entire Hancock Health network and eventually paid the hacker a bitcoin ransom in the amount of $55,000.

The SamSam ransomware was also used in the infamous attack on the 10-hospital, Columbia, Md.-based MedStar Health integrated health system in March 2016. In fact, a report in Bleeping Computer noted that other reported attacks that involved the use of the SamSam virus include: Adams Memorial Hospital in Decatur, Indiana; the municipality of Farmington, New Mexico; and an unnamed ICS (Industrial Control Systems) company in the U.S.

According to an April 2016 blog from Mountain View, Calif.-based security vendor Symantec, “Samsam, unlike more conventional ransomware, is not delivered through drive-by-downloads or emails. Instead, the attackers behind Samsam use tools such as Jexboss to identify unpatched servers running Red Hat’s JBoss enterprise products. Once the attackers have successfully gained entry into one of these servers by exploiting vulnerabilities in JBoss, they use other freely available tools and scripts to collect credentials and gather information on networked computers. Then they deploy their ransomware to encrypt files on these systems before demanding a ransom.”

However, CSO Online’s report stated that Allscripts said that the ransomware appeared to be a “commodity malware and that the company wasn’t directly targeted.”

Allscripts’ systems are said to serve some 180,000 physicians and 2,500 hospitals. It is unclear if the company paid any ransom.
