Allscripts, a cloud based software company specializing in healthcare, was hit with a #ransomware attack, called #SamSam, late last week.
Allscripts has yet to release a detailed statement regarding the extent of the breach, but did announce that the #cyberattackaffected only a “limited number” of applications, which may contain Electronic Health Records (#EHR). Their services are used by 45,000 physician practices, 180,000 physicians, 2,500 hospitals, and 40,000 in-home clinicians.
It is extremely important to note that once the extent of the breach is released, the hospitals and/or physician practices can be held liable for all of the lost data consequences. The cloud industry’s standard contractual practice is to be held harmless of any liability once data is lost or stolen. In addition, state legislation will often deem the original business responsible for collecting the data as the “data owner,” even if that data has been lost or stolen, once outsourced to a 3rd party (aka the cloud provider).
We can expect a post breach strategy to include the following: data breach attorneys, computer forensic experts, and PR consultants, all billing at an hourly rate. Depending on their findings, notification and credit monitoring costs could follow. Lastly, if medical records were exposed, then a complete security risk assessment may be conducted by the Office of Civil Rights (#OCR) under the federal #HIPAA legislation.
Evolve MGA‘s cyber policy protects businesses in the event they experience a similar hack attack. Contact us!
Check out Data Breach Today to read more about this cyber attack.