A ransomware attack on Allscripts on January 18, 2018 took a number of the firm's applications offline, including the cloud EHR and the electronic prescriptions platform. The attack came after two hospitals in Indiana were attacked with SamSam ransomware. A variant of SamSam ransomware is believed to have been used in the Allscripts attack.
Allscripts provides an electronic health record (EHR) system and an electronic prescriptions for controlled substances (EPCS) platform. Many U.S. healthcare organizations and doctors use these services. About 2,500 hospitals, 19,000 post-acute care organizations, 180,000 physicians, 40,000 in-home clinicians and 100,000 electronic prescribing physicians use Allscripts.
The attack on Allscripts began in the early hours of January 18. The IT department acted quickly to stop the ransomware and restore data. Experts from Microsoft and Cisco also assisted. The cybersecurity company Mandiant investigated the incident to determine how the ransomware was able to enter the system.
The most severely affected services were the Pro EHR and EPCS. Other Allscripts applications also had some downtime. The EPCS platform was fully functional two days after the attack, but the Pro EHR system was still having issues, and some other applications were not expected to be fixed until Monday. The IT team worked 24 hours to resolve the issue. Allscripts performs regular backups, so data loss is expected to be minimal and all files are expected to be fully restored from backups.
The intent of the ransomware attack appears to have been simple extortion by cybercriminals. No data theft is suspected, only an attempt to obtain a ransom from the company.
Adams Memorial Hospital in Decatur, Indiana suffered a SamSam ransomware attack on January 11. The attack slowed down the network until files became inaccessible. Reports said that file extensions were changed to ‘imsorry.’
Services handling medical histories and appointment scheduling were disrupted. However, physicians continued to see and treat patients. The IT department of Adams Health Network worked on restoring the servers. It is unknown whether the hospital paid a ransom to regain data access or the IT team recovered the files from backup.
On the same day Adams Memorial Hospital was attacked, Hancock Health in Greenfield, Indiana was also attacked. In this case, Hancock paid a ransom of 4 Bitcoin, or $50,000, to get the key to unlock the encryption, even though it had backups. The organization judged that paying the ransom would cost less than restoring the files from backups because of the long downtime.