Ransomware Attack Demands Big Lawsuit

Stethoscope next to laptopRhine Law Firm, P.C., and Co-Counsel File Class Action Against Allscripts

Healthcare IT is a huge business. Doctors and hospitals need to record, file, search, access, compare and share patients’ data in order to successfully treat them, and in this digital age, many private companies make a fortune by storing and organizing this data for healthcare providers.

What if we told you that a billion-dollar electronic health records company failed to protect your private medical information from cybercriminals, and your doctor couldn’t do his job as a result?

That’s exactly what happened on January 18, 2018. Ransomware is known as “SamSam” attacked and crippled data centers in North Carolina belonging to Allscripts Healthcare Solutions, Inc., a 1.5 billion-dollar corporation, disabling all access to patient records and e-prescription data. For almost a week, Allscripts’ services were down; and its clients—180,000 physicians, 2,700 hospitals, and 13,000 extended care organizations—were unable to do business or treat patients. Around 7.2 million patients suffered the consequences as well.

Surfside Non-Surgical Orthopedics, P.A., a sports medicine center in Boynton Beach, Florida, was particularly hard hit. Unable to access patient records or e-prescribe medications, the medical center was forced to cancel appointments and shut down normal business operations for more than a week, losing money and sending patients away in confusion. The fallout from this security breach was still going on when Surfside filed a class-action lawsuit on behalf of every medical provider or center that “…relied on their ability to access and transact with the products and service provided by Allscripts.”

This security breach was a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPPA), which requires that business associates adopt security measures to assure the confidentiality, integrity, and availability of personal healthcare information.

Amazingly, Allscripts itself predicted almost this exact scenario in its most recent 10-K filing: “If our security is breached, we could be subject to liability, and clients could be deterred from using our products and services.” It went on to mention that other high-profile attacks had recently been made. As the lawsuit also pointed out, SamSam has been a known risk since 2016.

The crux of the matter is, according to the complaint, “Allscripts failed to implement appropriate processes that could have prevented or minimized the effects of the SamSam ransomware attack.” Surfside also claims Allscripts misrepresented and omitted information about the security of its products and services, and that had Surfside known, they would never have purchased it.

This class action lawsuit against Allscripts should give economic remedy to all clients—hospitals, doctors’ offices, outpatient care centers, and more—that suffered an interruption of service due to the ransomware attack.

The case is being heard in U.S. District Court in the Northern District of Illinois, as Allscripts is a Chicago-based corporation. Joel Rhine of Rhine Law Firm, P.C., is one of the attorneys for the plaintiff and putative class. The plaintiffs demand a trial by jury.

Have questions about class action lawsuits or another legal matter in the state of North Carolina? Speak to the Rhine Law Firm, P.C., at (910) 501-2474.

Categories