Allscripts, the $1.5 billion medical technology and services firm, hosts a number of cloud based applications that doctors and hospitals use to run their operations. Hancock Health, that I wrote about on Monday, is one of their clients according to HealthcareITNews. About a week ago Allscripts was hit with a ransomware attack caused by the malware called SamSam.
After the attack Allscripts did what too many companies do and tried to pretend that it wasn’t a big problem, that is wasn’t affecting many people and that is wasn’t a big deal.
A week later Allscripts applications are still not working right.
Doctors can get to the login screen, but they can’t actually log in.
This means that they can’t get to patient records and can’t bill insurance carriers.
Allscripts, in a continuing denial of reality, said that the system was back up but doctors still couldn’t log in.
Doctors are freaking out a bit because they are losing revenue and cannot take care of patients. Other than that, it isn’t a problem.
It appears that today, Allscripts is finally admitting that they have a big problem.
If you run a doctor’s office or hospital and are an Allscripts client, this is a big problem for you.
Whether you are an Allscripts client or not, here are a couple of things to consider:
- What is your business continuity plan if your cloud provider has an outage? For an hour? For a day? For a week?
- Do you have a Service Level Agreement with your cloud provider in case of an outage? Are the penalties sufficient compensate you for your losses or are they basically meaningless?
- Do you have cyber risk insurance? If you do, does it cover business interruptions (BI)? Often BI has a waiting period before coverage kicks in. Sometimes it is as long as 12 or 24 hours. Is your BI coverage appropriate for your business needs?
Hopefully this attack is not affecting you, but whether it is or it is not affecting you, now is a great time to make sure that you are as prepared as you can be.
And, even if your cloud service provider is yourself (AKA Amazon, Google, Microsoft, Rackspace or the like), the problem is the same.