Thank you for calling out the implied coercion of signing electronically a pad to give consent for pages of legalese.…
Ransomware Attack Takes Down Some Allscripts Systems
Allscripts reports that a ransomware attack has taken down some of the applications that are hosted in its Raleigh and Charlotte, NC data centers.
The company says Allscripts Professional EHR is unavailable to customers hosted in those data centers, as are instances of its electronic prescribing of controlled substances system.
Allscripts says it expects to restore its systems quickly from backups.
An Allscripts user and HIStalk reader reports that other functions have been down since this morning, including InfoButton, regulatory reporting, clinical decision support, direct messaging, and Payerpath.
The company has not acknowledged the downtime on its website or social media accounts.
I emailed a media contact but haven’t heard back. UPDATE: the Allscripts media contact provided this statement:
We are investigating a ransomware incident that has impacted a limited number of our applications. We are working diligently to restore these systems, and most importantly, to ensure our clients’ data is protected. Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage.
As of August 4, 2017, hackers accounted for 75 healthcare breaches and in November 2017 Ransomware knocked out North Carolina’s Healthcare system, where the hosted Allscripts applications that are currently out are, I must ask why Allscripts, one of the leading EHR systems would not have Anti-Ransomware protection. This is happening in your back yard, yet you are not protecting your clients.
I am one of the many doctors affected by this. If allscripts had any ethics, they would reimburse the doctors affected for the amount we pay for a substandard product. It seems like they spend 90% of their operating expenses on pr and sales. 10% on high school dropouts to run the servers.
That will happen at the same time my doctor starts reimbursing me for a two hour wait in his office or a mistaken/late diagnosis or any other poor service. I had enough of this and so, changed doctors.
If Allscripts is providing you with a substandard product then why tolerate it? Move to something else.
We have a lot invested in hardware and training to run the system. It is not as simple as switching over, but if the opportunity presented itself then of course we would consider that.
You are ultimately responsible for not properly vetting your provider and signing the contract that probably states the same.
Silicon Valley is full of HS drops outs you pompous ass.
Don’t forget arrogant. I’m that too.
Believe me, we noticed. 🙂 Sanctimonious much?
Come on, Dr. Nguyen. You are talking about “lost revenue” but you don’t worry about gaps in patient care? Are you reimbursing your patients who showed up during this outage and you didn’t have their record available?
We can’t bill them because we don’t have insurance information because it is contained in allscripts.
He didn’t ask about billing your patients. He asked if you’re going to pay them for their time that you waste by letting them sit in chairs long past their appointment slot (outage or not — the rest of us also get paid for our time.)
Who pays to notify all these patients of a potential breach of their protected health information? Someone do that math just on postage alone.
The same people that pay for any other services/products the organization provides
Kathy:
Anti-Ransomware protection?? lol, Its a joke because the programmers that are making the protection, always have a “weak link” on their team. Then the info is passed along to the “exploiters” (for a price, of course) and the saga continues…
Thomas Nguyen:
On the situation that the doc above mentioned about ” high school drop-outs running the servers”…
When it comes to technology and a true love/passion for it, many don’t need to waste thousands of dollars for a doctorate; such as yourself in order to understand systems, program, or steal your** patients info.
It comes naturally, when you have a love for it.
Sorry to disappoint you but a high school drop out probably stole all of your patients info and the guy with a Masters/Doctorate degree that you want to run your servers…cannot stop him. #RealityCheck
The SamSam ransomware has been around for 2 years… shame on Allscripts for not patching their main servers to allow attackers to get in and for this to happen.
From the latest that I read, it’s a new variant of SamSam and it’s been hitting other companies including a couple of hospitals.
https://www.bleepingcomputer.com/news/security/samsam-ransomware-hits-hospitals-city-councils-ics-firms/