A Florida-based provider hit Allscripts with a proposed class action lawsuit Thursday for failing to protect its clients' data from a ransomware attack, saying it could cost companies hundreds of millions of dollars in business.
Boynton Beach, Fla.-based Surfside Non-Surgical Orthopedics claimed that healthcare industry experts have known about the "SamSam" ransomware strain since March 2016, but Allscripts failed to monitor and audit its cloud-based data systems, which could have mitigated the attack that has shut down its products.
More than 180,000 physicians and 2,700 hospitals use Chicago-based Allscripts' EHR, patient engagement and care coordination tools. All in all, 7.2 million patients have data on the company's servers, according to the complaint filed in federal court in Illinois.
Allscripts declined to comment on the pending litigation, but in a separate interview with Modern Healthcare, company spokesperson Concetta Rasiarmos said 1,500 clients were impacted by the attack. She added that services to all affected clients has been restored.
Surfside alleged that it and other Allscripts' client services lost access to critical services from the Jan. 18 SamSam attack until Thursday.
"While the extortionist's payment demand is relatively small (ranging between hundreds of dollars to tens of thousands of dollars), the damage wreaked on enterprise and other users' systems runs in to the hundreds of millions of dollars and more," the complaint said.
Without access to Allscripts, provider clients have had to cancel patient appointments and can't electronically prescribe medications, which disrupts their businesses significantly.
"While no sensitive or health information is disseminated, the risks to patient treatment, health and safety are significantly increased because of the serious and even life-threatening consequences presented by even a short-lived interruption of healthcare services," the complaint said.