Allscripts sued over ransomware attack, accused of 'wanton' disregard

The lawsuit alleges Allscripts failed to secure and audit its system, which caused the system outage for about a week, causing “significant business interruption” for its clients.
By Jessica Davis
11:47 AM

Just one week after some of Allscripts’ services were shut down by ransomware, the EHR giant is facing a lawsuit for allegedly failing to secure its systems and data from cyberattacks.

Allscripts went down on Jan. 18, after two of its data centers in Raleigh and Charlotte, North Carolina fell victim to SamSam ransomware. The EHR vendor just yesterday got most services back online.

Boynton, Beach, Florida-based Surfside Non-Surgical Orthopedics is suing Allscripts on behalf of all clients impacted, as the system outage resulted in canceled appointments, care disruptions and "significant business interruption and disruption and lost revenues.”

[Update: Most Allscripts clients back online, but issues plague some cloud-based providers]

The provider was unable to access its patient records or electronically prescribe medications, and as a result of the outage, Surfside has “expended significant time and effort resolving these issues resulting from the breach.”

Surfside alleges that Allscripts was aware of “deficiencies in its products and services [that] could result in privacy and security vulnerability or compromises and failed to take adequate measures to protect against any such event.”

The provider argued that as SamSam ransomware has been a known threat since 2016, the company should have audited or monitored its systems to prevent the attack. And its failure to do so caused the crippling system outage.

“Allscripts wanton, willful, and reckless disregard caused a complete and total interruption of service,” the suit reads. “Allscripts failed to implement appropriate processes that could have prevented or minimized the effects of the SamSam ransomware attack.”

Surfside claimed it acted in “reasonable reliance” on Allscripts’ “misrepresentation and omissions” about its security products. And said that had they known about the company’s lack of necessary precautions, they would never have purchased Allscripts’ EHR.

[Also: What to know about the SamSam ransomware hitting Allscripts, hospitals]

Given the long list of frustrated small practice providers taking to Twitter to voice those concerns, the lawsuit is not surprising.

Sultan Rahaman, MD, the owner Family Medicine Solutions in Longwood, Florida, said that he felt Allscripts had a history of being more “reactive than proactive.”

Reached on Friday, Allscripts Spokesperson Concetta Rasiarmos said Allscripts does not discuss pending litigation.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.