Allscripts was hit on Thursday by an attack through data centres in Raleigh and Charlotte in North Carolina. The company has 180,000 doctors across nearly 45,000 ambulatory facilities, 2500 hospitals and 17,000 post-acute organisations on its client register.
A report from CSO Online said Jeremy Maxwell, the company's director of information security, had told customers on Saturday that its PRO EHR and Electronic Prescriptions for Controlled Substances services were the worst affected.
On Sunday, the company told customers that they would have to be prepared for issues to continue through the week, as it continued to use back-ups to restores files that had been encrypted.
The company was hit by the Windows ransomware at about 2am on Thursday Eastern Time. Four hours later, the attack had grown to the extent that Allscripts had to call in Microsoft and Cisco for assistance.
In its latest communication, Allscripts said Mandiant, a division of the security firm FireEye, was also involved in investigations.
The attack on Allscripts came a few days after Hancock Health Hospital in Greenfield, Indiana, and Adams Memorial Hospital in Decatur, Indiana, were hit by another variant of SamSam. Hancock paid 4 bitcoin (about US$55,000) to recover its files, deciding to do so rather than restore files from its back-ups.