Medical Providers Sue Allscripts Over Ransomware

Allscripts, the biggest healthcare software firm in the United States, has been sued by medical providers for allegedly not providing an adequate cybersecurity system. The case sets a precedent and will have large implications on all organizations with access to sensitive data or patient records.

Medical Providers Sue Allscripts Over Ransomware

“A hostile actor was able to freeze Allscripts’ system due to a lack of an acceptable cyber security mechanism.”

For days, patient care was affected throughout the nation due to a ransomware assault impacting Allscripts’ healthcare cloud-based software.

The SamSam ransomware struck Allscripts Healthcare Solutions, an electronic health records (EHR) firm, early on January 18. Allscripts encrypts the impacted files right away to preserve patient data, however this prevents clients from using essential software functionalities for days.

Due to a lack of access to medical data, billing, and online prescription services, several health care providers were forced to send personnel home and turn away patients.

On January 26, our company filed a class action complaint on behalf of lead plaintiff Surfside Non-Surgical Orthopedics and other similarly impacted health care providers who lost money due to Allscripts’ carelessness.

Check out the Complaint

What Happened to Allscripts’ System?

According to the complaint, Allscripts failed to adequately safeguard its servers, allowing a strain of the SamSam ransomware to infiltrate its data centers.

The virus that hit Allscripts was a variation of the SamSam ransomware. This virus is unusual in that it does not infect computers via email attachments, instead spreading through unpatched servers. To modify network privileges and deliver malware, attackers leverage Windows’ remote desktop feature.  

A ransomware assault hit the company’s Raleigh, North Carolina, and Charlotte, South Carolina data centers between 2 a.m. and 6 a.m. on January 18. 

To secure client data, Allscripts encrypts files, however this prevents clients from accessing electronic health records and prescription services. The computerized prescription system was restored on January 22, but consumers still couldn’t access medical information, according to Allscripts.

According to the class action complaint, Allscripts failed to adequately safeguard its servers, allowing a strain of the SamSam ransomware to infect and disable the company’s data centers.

SamSam isn’t the first hospital IT system to be infected with it. On January 11, the malware infiltrated Hancock Health, an Indiana hospital. All of the hospital’s data were encrypted and renamed “I’m sorry” by the hackers. The hospital had to pay a $55,000 ransom to get the data back.

Greater cyber security and damages for medical providers are sought in a lawsuit.

“Not only will our lawsuit demand cyber security steps to prevent this from happening again, but it will also seek damages for lost income.”

The ransomware assault, according to Allscripts, impacted 1,500 customers. The crashed software wasn’t only a nuisance for many of these customers; it also caused an unanticipated cash loss.

Healthcare professionals complained on Twitter that they couldn’t do simple things like access patients’ medical data or handle invoices. “Cloud is still down?” complained one user. We’ve had no patient information for the whole day. “It’s really unacceptable.”

On behalf of medical providers that incurred financial damages as a result of the assault, ClassAction.com filed a complaint against Allscripts, including Florida-based Surfside Non-Surgical Orthopedics, which treated patients without access to the EHR system.

John Yanchunis, one of the nation’s top data breach lawyers, is representing the class against Allscripts. He has led litigation against companies including Yahoo, Home Depot, and Target for failing to secure customer data from the country’s largest data breaches on record.

 

“The failure to have an adequate cyber security system allowed a malicious actor to lock Allscripts’ system, thereby jeopardizing the delivery of healthcare to consumers, impacting the many medical healthcare providers who were unable to practice medicine, and losing revenue,” Attorney Yanchunis said. “Not only will our lawsuit demand cyber security steps to prevent this from happening again, but it will also seek damages for lost income.”

Did the Allscripts Ransomware Attack Affect You?

If you are a healthcare practitioner who has had your practice disrupted by the Allscripts ransomware, you may be able to file a lawsuit against the corporation. Financial damages suffered while the EHR system was down may be recovered via a lawsuit. For a free, no-obligation legal consultation, contact us now.