Allscripts sued over ransomware attack

Electronic health record (EHR) vendor Allscripts may have restored service after being targeted by a ransomware attack, but now faces a class action lawsuit alleging it left clients vulnerable to hackers.

The suit from Boynton Beach, Florida sports medicine practice Surfside Non-Surgical Orthopedics claimed Allscripts showed “wanton, willful, and reckless disregard” for cybersecurity and was aware of deficiencies in its software that could be exploited by attackers. Allscripts was the target of a “SamSam” ransomware attack on Jan. 18, which the suit said cut off Surfside’s access to the EHR platform and some e-prescribing functions.

“What makes the SamSam attack so pernicious is that by encrypting (and hobbling) key components of Allscripts’ network, it also hobbled Allscripts’ ability to conduct its business—the Allscripts Professional EHR System—and crippling an undisclosed number of e-prescribing system vulnerabilities,” the suit said. “This attack hurt both patients and their healthcare providers using the Allscripts systems in that providers were unable to e-prescribe drugs, and patients were unable to obtain drugs e-prescribed for them by those providers.”

SamSam attacks have been a known threat since 2016, but the suit said Allscripts neglected to “take adequate and reasonable measures to implement, monitor, and audit its data systems” against such an attack. The suit asks for damages on three grounds: the costs of business being disrupted by the attack, breach of contract for allegedly failing to secure its systems, and consumer fraud for allegedly misrepresenting its security capabilities.

“Allscripts knew or should have known that its computer systems and security practices and procedures were inadequate and that risk of a ransomware attack, data breach, or theft was high,” the suit said.

The complaint also seeks class action status to include other providers impacted by the attack. Allscripts had said around 1,500 of its customers were affected.

John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.
