Allscripts Ransomware

Detailed information on Allscripts Ransomware

In January 2018, Allscripts clients were locked out of their cloud-based EHRs for days, well before the security team realized that the operations center had been hijacked by the Allscripts ransomware, a variant of the well-known SamSam ransomware. It mainly targeted healthcare organizations.


To understand this cyber attack and its impact on the EHR vendor, here are 7 key takeaways.

  1. A cyber criminal launched this SamSam ransomware against Allscripts on Jan. 18, 2018, and the majority of its customers went offline or dealt with access issues for an entire week. Almost 1,500 medical practices were affected by this attack.
  2. Allscripts’ Professional EHR and Electronic Prescriptions for Controlled Substances services were the worst hit. Most of the customers could access the cloud but not the database.
  3. In a public statement, Allscripts announced that services were restored, although many clients in those areas said they didn’t have access till recently. When questioned about the contradiction between these statements and its clients’ reports, the company said: “Allscripts caters to a wide range of clients. Consequently, they experienced different effects as a result of this incident. There was a variety of circumstances which involve getting a few particular systems back online, and we will address each of them as quickly as possible.”
  4. Allscripts began its damage control by detecting and identifying the core issue. The company had to seek help from Cisco, Mandiant, and Microsoft.
  5. In a statement issued by CSO Online, Allscripts said a great effort by many personnel was involved in resolving the attack. It also admitted that the first few hours were an “intense swirl of many technical, business and other practical challenges.”
  6. When questioned, Allscripts said: “There seem to be visible antivirus signatures available for this SamSam variant at the time it struck Allscripts. This seems to be an entirely new and a specific zero-day variant of SamSam ransomware that had never been heard of previously by Cisco, Microsoft or the FBI. But as a preventive step we were able to stop it a short while, and then started the restore work of all those client services that were affected.”
  7. After the vendor identified and cured the threat, Allscripts went ahead with the cleanup, restored its systems to normal and brought them back online. Allscripts took these steps to prevent any such future attack and needed to step up its internal security layers to prevent similar incidents.

Suggestions to safeguard your computer

  1. It is always recommended to keep your most-used browser software updated. If it is not kept up to date, it is easy to attack, because attackers mainly target older versions. We suggest using our best antivirus tool for 2018, ITL, for your computer.
  2. It is advised to carefully go through the end user license agreement (EULA) documents when installing any software. In most cases the terms and conditions are hidden in the EULA, so when you accept the user agreement, you might unknowingly be receiving malware. We suggest downloading and using our free malware tool to protect your computer.
  3. Take extreme care when you download any software from free sites. As the old saying goes, nothing comes for free, and if you are careless, there is a cost attached, which may result in you getting additional infected items with your free downloads.
