In January 2018, EHR vendor Allscripts was a target of a ransomware attack that took down several of its applications, including its EHR and patient management/scheduling systems. FierceHealthcare reported the following notice from Allscripts: “While we cannot guarantee that the hosted Professional suite and hosted Allscripts PM service will be fully restored to all clients on Monday, Jan. 22, we do currently expect to return meaningful service to the majority of clients over the next 12-24 hours."
For example, a medical group was unable to use Allscripts’ e-prescribing system after the ransomware attack. Others could not access their EHR.
The use of cloud-based applications has increased providers’ reliance on EHR vendor security measures. A detailed contract that states standards for EHR data protection is a start. But it only provides the ability to seek legal and financial remedies if the EHR vendor fails to meet its contractual obligations. It does nothing to guarantee uninterrupted access to your data.
A copy of your EHR data that is saved to an on-site computer is the only way to ensure access. A mirror backup provides an exact copy of the data. The technology allows updates to the mirror backup every 15 minutes. When selecting an EHR vendor, the availability of a mirror backup must be a key selection criteria. A local copy of the EHR application is also needed. Without it, the data is useless.