On January 18, 2018, at around 2:00 a.m. EST, the security operations center (SOC) at electronic health record (EHR) and practice management software provider Allscripts detected abnormal activity. Four hours later, the SOC started its investigation and discovered a full-blown ransomware incident caused by SamSam, a family of ransomware that is known to target healthcare organizations. Shortly after, teams from Microsoft, Mandiant and Cisco were called in to help.
At this point, as is the case for any organization facing a large-scale incident, Allscripts said the situation turned into a “crisis event.” It was quickly determined that the Professional EHR (Pro EHR) and Electronic Prescriptions for Controlled Substances (EPCS) services were the hardest hit.