Just one week after some of Allscripts’ services were shut down by ransomware, the EHR giant is facing a lawsuit for allegedly failing to secure its systems and data from cyberattacks.

Allscripts went down on Jan. 18, after two of its data centers in Raleigh and Charlotte, North Carolina fell victim to SamSam ransomware. The EHR vendor just yesterday got most services back online.

Boynton, Beach, Florida-based Surfside Non-Surgical Orthopedics is suing Allscripts on behalf of all clients impacted, as the system outage resulted in canceled appointments, care disruptions and "significant business interruption and disruption and lost revenues.”

[Update: Most Allscripts clients back online, but issues plague some cloud-based providers]

The provider was unable to access its patient records or electronically prescribe medications, and as a result of the outage, Surfside has “expended significant time and effort resolving these issues resulting from the breach.”

Surfside alleges that Allscripts was aware of “deficiencies in its products and services [that] could result in privacy and security vulnerability or compromises and failed to take adequate measures to protect against any such event.”

I work for a one physician office and we are at a stand still. Our practice mainly handles the elderly population who doesn't understand our reasoning for not being able to make appointments. We are unable to post charges. How does #Allscripts expect to get paid when we don't?

— Dawn Marie Ingram (@thrdmathis) January 22, 2018

The provider argued that as SamSam ransomware has been a known threat since 2016, the company should have audited or monitored its systems to prevent the attack. And its failure to do so caused the crippling system outage.

“Allscripts wanton, willful, and reckless disregard caused a complete and total interruption of service,” the suit reads. “Allscripts failed to implement appropriate processes that could have prevented or minimized the effects of the SamSam ransomware attack.”

Surfside claimed it acted in “reasonable reliance” on Allscripts’ “misrepresentation and omissions” about its security products. And said that had they known about the company’s lack of necessary precautions, they would never have purchased Allscripts’ EHR.

[Also: What to know about the SamSam ransomware hitting Allscripts, hospitals]

Given the long list of frustrated small practice providers taking to Twitter to voice those concerns, the lawsuit is not surprising.

Sultan Rahaman, MD, the owner Family Medicine Solutions in Longwood, Florida, said that he felt Allscripts had a history of being more “reactive than proactive.”

Reached on Friday, Allscripts Spokesperson Concetta Rasiarmos said Allscripts does not discuss pending litigation.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com