Who is Allscripts?
Allscripts is a billion-dollar company based out of Chicago. The company is known for providing healthcare practice management and electronic health record technology.
When did the ransomware attack take place?
The attack on two of its data centers took place on Thursday, January 18 at approximately 2am and the recovery processes is ongoing even a week later.
What did the ransomware attack encompass?
Allscript, who seemingly is trying to downplay the magnitude and seve
rity of this situation, said the attack only affected a “small-subset” of products including PRO EHR and EPCS (Electronic Prescription for Controlled Substances). After investigation Allscript stated that the attack seemed to be commodity malware* and that the company was not directly targeted.
Who was affected?
Approximately 1,500 of Allscripts clients were affected in the
Raleigh and Charlotte, North Carolina area.
What affect did the attack have on businesses?
The ransomware attack as cost many of the 1,500 clients affected not only money but reputation and customer trust. A private practice sated their financial loss from this attack was in the $1000’s along with their reputation. Other physicians are still unable schedule follow-up appointments, process billing or access patient information.
How will Allscripts correct it?
Allscripts, stated they immediately alerted the FBI and have provided any information necessary to assist with their investigation. They also noted they are working around the clock to restore all services to clients still experiencing outages. These comments have left many of its clients upset and wanting more done.
How can I protect my company from these incidents?
Cloud based information systems like Allscripts are attacked more often than people realize. It’s for that reason that as a company entrusted with such sensitive information is important to always have contingency plan. Having cybersecurity insurance for your business would also be the best idea. Other features like adding two factor authentications to your systems. Two factor authentications would make it necessary to provide at least one additional proof of identity beyond simply username and password.
While the attack did affect these businesses through Allscripts, it is ultimately up to each business to protect itself from these kinds of events. Making sure to not just review but closely examine the disaster recovery plan for any management or cloud-based provider you are relying on and equipping your employees with the skills and basic knowledge necessary to identify possible cyber-attacks is crucial.