Allscripts Ransomware Attack Affects Cloud EPCS and EHR Facilities

An Allscripts ransomware attack happened on Thursday, January 18, leading to many of the company’s apps taken offline, which included its cloud electronic recommendations platform and EHR. The attack came only some days after two Indiana hospices went through SamSam ransomware attacks.

The Allscripts ransomware attack is also supposed to have contained a variation of SamSam ransomware – an illegal computer software family widely used in attacks on healthcare suppliers.

Allscripts is a common electronic health record (EHR) method as well as Electronic Prescriptions for Controlled Substances (EPCS) supplier, with its platform utilized by several U.S medical companies, including19,000 post-acute care companies, and 2,500 hospices. Over 180,000 doctors, 100,000 electronic recommending doctors, and 40,000 in-home practitioners use Allscripts.

The Allscripts illegal computer software attack began in the wee hours of Thursday morning. Swift action was undertaken to get rid of the illegal computer software and fix data, with the incident reaction teams at Microsoft as well as Cisco called in to help. An inquiry has also been started by cybersecurity company Mandiant to decide how the illegal computer software was installed.

Allscripts’ Ace EPCS and EHR facilities were most brutally affected, even though users of other apps also faced some interruption. The Chicago-centered company is still facing problems with its Ace EHR system, even though EPCS facilities were repaired on Saturday. A few apps are expected to carry on to be badly affected all through Monday, while attempts are made to repair the malware-encrypted files.

IT groups have been working nonstop to get rid of the infection and repair records from standbys. Regular standbys are executed so data damage is likely to be minimum.

This seems to have been an accidental ransomware attack. The aim of the attack seems to have only been an effort to extract money from the firm. Data thievery isn’t doubted. Allscripts doesn’t think it was explicitly pursued by cybercriminals.

Indiana Hospices Attacked With SamSam Ransomware Variation

Adams Memorial Hospice in Decatur has also been attacked with illegal computer software – The second Indiana hospice to be attacked in the last few days. The ransomware attack happened on January 11, 2017, and at the start caused a decelerating of the system before records became inaccessible. File additions were supposedly retitled as ‘imsorry’.

The ransomware attack created some interruption to facilities, with appointment schedules and medical histories made inaccessible. Nevertheless, patients carried on to be cured and there was no necessity to annul appointments.  The Adams Health Network stated at no time was patient safety or care influenced.

A few components of the arrangement have been gotten back online, even though the IT unit is still working on reestablishing the disturbed servers. It’s not clear whether the Adams Health System paid the deal demand to recover access to files or if records were regained from standbys.

The attack occurred on the same day as the ransomware attack on Greenfield, IN- centered Hancock Health which decided to pay the 4 Bitcoin payment. Roughly $50,000 was paid for the inputs to unravel the encryption, although standbys were there. The fee of regaining files from standbys was understood to be far more than paying the extortion, because of interruption that would be faced while that process happened.

Both of the Indiana attacks are thought to have included a new variation of SamSam ransomware, even though this is assumed to be a different variation to the one utilized in the Allscripts ransomware attack.