Billion-dollar American health care company Allscripts faces a lawsuit for failing to secure systems and data after it was crippled by a SamSam ransomware attack earlier this month.
The lawsuit was filed in Illinois by the Florida-based Surfside Non-Surgical Orthopedics on behalf of all clients affected by the incident. The company, which provides health care IT solutions like health record and practice management as well as electronic prescription services, was first hit by ransomware on Jan. 18. It took more than a week to fully recover.
In that time, the lawsuit alleges, patient records were out of reach, business and care was interrupted and revenue was lost.
“Allscripts was aware, however, that at all times pertinent hereto, that deficiencies in its product and services could result in privacy and security vulnerability or compromises and failed to take adequate measures to protect against any such event,” the lawsuit charges.
The plaintiffs then point to a recent Allscripts 10-K filing with the SEC that outlines cybersecurity risks faced by big health care firms.
SamSam, first spotted in early 2016, has been on a particularly destructive and profitable tear as of late. Two American hospitals were hit in quick succession by a new variant of the malware earlier this month. Administrators at those hospitals paid at least $45,000 to the attackers.
In total, the SamSam campaign has made at least $325,000 in ransom, according to Cisco’s Talos Intelligence.
An estimated 1,500 Allscripts clients were affected by the attack. The company called that a “limited” impact considering that its customer base extends into the hundreds of thousands.
You can read the full class action complaint below: