Allscripts EHR Breach – Jan 2018

Allscripts EHR Outage Impacts 1,500 Organizations

In January 2018, Allscripts was hit by a ransomware attack that impacted over 1,500 organizations using its Allscripts Professional EHR system. The breach disrupted affected medical clients’ access to their systems for over six days. Some practices cancelled surgeries, were unable to schedule appointments, or could not provide routine medical care to their patients because medical records were not available.

Many organizations believe that since their data is in the cloud, it is not susceptible to data breaches or data corruption, but this is just one example where that is not the case. When using a cloud-based medical records or other business system, you must rely on the security and disaster recovery measures implemented by the vendor. At the same time, you must also have procedures in place to deal with an extended outage, whether due to a ransomware attack, data corruption or simply an internet outage.

Are you prepared to be out of business for a week or more?

Could your medical practice afford to be without access to your patients’ medical records for a week – or maybe more? The Allscripts breach may have been an outlier with regard to the length of the outage and the time to recover. That is a good thing. Many cloud-based providers are extremely diligent with regard to security and data backup technologies. The simple fact is, no one can guarantee 100% protection against cyber security attacks. It’s up to you to have a plan in place.

With the amount of data collected in today’s medical world, it is hard to imagine procedures that could be implemented to avoid significant downtime. Some practices print patient schedules nightly in case the system is not available the following morning. While this may address the front desk needs, it does not provide the medical information necessary to treat the patient. Medication lists, allergies, lab results, family / social history and more are inaccessible, greatly impacting the quality of care that can be provided – if at all.

My data and systems are safe – aren’t they?

But what about your systems? Are you protected? Allscripts is a huge company with hundreds of dedicated data center staff to monitor security and data backup processes. Most medical groups are not in a position to hire full-time IT staff to make certain anti-virus software is updated and running properly. Much of the malware impacting systems is spread by email or by users accessing infected websites. This does not mean staff are misusing company resources or failing to pay attention to suspicious activity. Malware programmers are getting very, very good at making things look legitimate. This is why it is more important than ever to implement centralized security measures that can be monitored by dedicated IT staff.

For more information about BMA Enterprises, Inc. and our managed services programs, contact us at:
BMA Enterprises, Inc.
1120 International Parkway
Suite 109
Fredericksburg, VA 22406