Another day, another high-profile ransomware attack. This time, the victim was Allscripts, an EHR (Electronic Health Record) company that hospitals, pharmacies, and ambulatory centers around the country rely on.
The company's data was thought to be safe on the cloud, but that proved not to be the case. Disruptions of services were felt by Allscripts clients around the country.
At this point, reports are sketchy, incomplete, and in many cases, contradictory. According to Allscripts, the attack only impacted "a limited number" of applications, and that they were working to restore them. The company's statement continued with, "most importantly, to ensure our clients' data is protected. Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage."
According to Twitter, where many of Allscripts' customers have been talking about the issue, the problem goes much deeper. Some clients reported an inability to access critical patient data now stretching into its third day, with predictable impacts on health care delivery.
To complicate matters further, some heath care providers preemptively disconnected from Allscripts servers in a bid to protect their own networks. Northwell Health, based out of New York, is an example.
In any case, as of the time of the writing of this piece, most, but not all of the disrupted services seem to have been restored. You can bet, based on the contradictory information surrounding the attack, that Allscripts' handling of the incident will be discussed for a long while to come. This will probably filed under "how not to handle a ransomware attack."
The company's communication was spotty and their business continuity plan seems to have failed them. There are lessons here for all business owners. Take heed.