A ransomware attack on Allscripts Healthcare Solutions Inc MDRX's cloud has cost one private practice “in the $1,000s” and in reputation since the electronic health records were seized Jan. 18.
“It’s been five full days now where we haven’t been able to access our records,” the client, a physician who spoke on condition of anonymity to protect his practice, told Benzinga. “We’re sort of at a standstill.”
Allscripts’ Remedy
Allscripts told Benzinga a variant of SamSam malware affected a "small subset" of products, including Professional EHR applications, for cloud customers hosted in its Raleigh and Charlotte data centers, and it proactively shut down other services to protect client data.
"We immediately notified the FBI and have been providing information to assist with their investigation," spokesperson Concetta Rasiarmos said. "Importantly, there is no evidence that any data was removed from our systems. We continue to work unceasingly to restore all services to our clients who are still experiencing outages."
The Level Of Pain
The physician Benzinga spoke with said he’s been unable to efficiently schedule follow-ups, process billing or even access patient information. Because the service is cloud-based, all the information is kept off-site, and the office has no backups. Employees reliant on the software have been sent home.
“It’s really pretty much shut down things in our offices,” the physician said. “It’s completely slowed things down. For one, it’s affected patient care, because every time a patient comes in, we don’t have their information, so we have to readdress the medications, the past history, we even have to question which procedures we’ve done on them previously, which can be embarrassing because we’re the ones doing it. I think it’s eroded some trust.”
The pain is widespread, with about 1,500 clients affected, Allscripts told Benzinga.
The firm's network includes more than 180,000 doctors, 2,500 hospitals and 7.2 million patients, but no hospitals or large independent physician practices fell victim to the malware.
Still, those who were hit suffered.
Clients took to HIStalk to report lost function of regulatory reporting, direct messaging and clinical decision support. Allscripts, itself, confirmed that electronic prescriptions for controlled substances were down, although the service has since been restored.
“Allscripts has totally dropped the ball in downplaying what is going on and not coming forward with exactly what is happening,” Mansoor Ahmed, the office manager for Capital Internal Medicine in Raleigh, North Carolina, told FierceHealthcare. “All the stuff they have brought back up are secondary services.”
What's Next?
Allscripts told clients Monday it expected to restore "meaningful service" to most of its clients by Tuesday morning.
The firm, itself, has hardly been affected by the breach, with its stock trading up more than 3 percent since the attack was first discovered.
Shares traded around $15.52 at time of publication.
Related Links:
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
