Electronic health records giant Allscripts was hit by a ransomware attack one week ago, cutting many doctors and clinics off from patient records stored on Allscript's cloud and forcing some doctors offices to shut down.
Allscripts customers have taken to social media, asking for mainstream media to cover the attack, the CEO to resign, and even requesting compensation, largely because of a lack of information on the attack.
What's at stake here: patient care
Cleveland News 5 caught one example of the real world impact: "For the fifth day, Dr. George Kefalas and his staff have been unable to access medical records for their 8,500 patients. Thousands of patients in Northeast Ohio are being turned away. Doctors we caught up with at Pulmonary Physicians in Canton tell News 5 they have no choice. They cannot access vital information to properly care for their patients, so for now, they are canceling appointments."
What if your diagnosis was taken down? That paints the picture of how serious this is.
Allscripts customers: we don't know what is happening
Allscripts customers have taken to social media to berate the company. Not because of the ransomware attack itself—at least not yet—but because of a lack of information on what's happening.
You can see the anger building on social media the longer patient health records are offline with very little information:
Is this cyber incident reportable?
Although ransomware attacks don't typically involve theft of data, are the patient records involved in this attack secure? Should doctors offices and medical clinics be notifying their patients of a breach?
Allscripts customers are asking that same thing on Twitter because they claim to have so little information from the company at this point. If you are in this situation, SecureWorld cyber attorney Shawn Tuma of Scheef and Stone, LLP, put together a list of what you should and should not do at this point.
SecureWorld also reached out to Allscripts for more information on the ransomware attack, since there has been so little about it.
Bad actors have figured this much out: no one likes medical records held hostage and some will pay ransom because "from a business standpoint, it makes sense."