In the first month of this year, Allscripts, a healthcare network working in several states, was targeted by SamSam ransomware. According to the organization’s own account, nearly 1,500 medical practices and procedures were affected in the facilities overseen by Allscripts. The cryptographic malware mainly affected the company’s practice management software and electronic health records.
Allscripts called in top-notch cyber security companies to remove the ransomware strain from their system. The healthcare network worked very efficiently in dealing with the ransomware ordeal. In this blog, we will try to analyze how Allscripts dealt with their ransomware infection.
Preparation
Allscripts claims that they have carried out multiple ‘prepare and drill’ activities in advance for many different accidents. However, they haven’t categorically stated whether they were prepared for a possible ransomware attack.
But in light of the complaints lodged by many of their customers about the unavailability of services even after ransomware decryption and system restoration, it’s safe to assume that Allscripts’ preparations against a ransomware attack were not on top of things.
Identification and Damage Control
For this phase, we can give Allscripts full marks. They not only identified the type of threat in time, but also immediately took measures to control the damage and fallout. Their security experts identified within a few hours of the attack that they were targeted by a specific type of ransomware strain (SamSam) frequently used to target healthcare networks.
In order to contain the damage, Allscripts cut network connections with their data centers located in different cities. It was indeed a hard decision, but also an important one for stopping the strain from infecting the entire system.
Removal and Recovery
This is the most arduous phase following any cyber attack. We know that Allscripts had to outsource the ransomware decryption and repair services. The company hasn’t revealed what went on during this phase, but they reported that almost all of their compromised services were fully restored one week after the attack.
Even though Allscripts moved really quickly to deal with the ransomware attack, they and their customers still had to go through six to seven days of inconvenience.
For assistance with file recovery, please contact MonsterCloud Cyber Security experts for professional ransomware removal.