A new variant of the SamSam ransomware, which has been responsible for several other attacks against medical providers, is to blame for this ransomware attack on Allscripts, according to several security experts working on the infection.
Allscripts, whose headquarters are in Chicago, announced that it is still working to recover from the ransomware incident that infected its data centers in Raleigh and Charlotte, NC, on Thursday, leaving several applications offline.
Jeremy Maxwell, director of information security at Allscripts, explained on Saturday that while multiple services had availability issues, the company's PRO EHR and Electronic Prescriptions for Controlled Substances (EPCS) services were hit the hardest by the ransomware.
Fortunately, backup systems were not infected by the ransomware, allowing Allscripts to restore systems from backup one by one. Full backups of Allscripts data are made weekly on Fridays, with incremental backups made nightly at 10:00 p.m. EST, so the expected data loss from the incident is minimal, if any at all.
Allscripts serves about 180,000 physicians across nearly 45,000 ambulatory facilities, 2,500 hospitals and 17,000 post-acute organizations.
It is not clear at this time whether this will be a HIPAA-reportable breach, or who (clients or Allscripts) would have to report it to HHS/OCR. Clients should be in contact with Allscripts regarding this issue.
All medical providers that used Allscripts should also verify that they have valid and up-to-date Business Associate Agreements in place with that organization.
All HIPAA covered organizations and Business Associates should ask themselves this question: “What would I have done if this had happened to me?”
For help with your HIPAA IT security compliance, call ACT Network Solutions at (847) 639-7000 or email email@example.com.