Greenway Health Ransomware Attack Stops 400 Clients from Accessing EHRs

Tampa, Florida-based practice management software and EHR vendor, Greenway Health, has experienced a ransomware attack that has affected around 5% of its client base – approximately 400 healthcare organizations.

It is unclear whether the ransomware infection resulted in EHR data being encrypted, although clients were temporarily prevented from accessing the cloud-based Intergy EHR/medical management platform. Those clients were forced to resort to using pen and paper while Greenway Health worked to restore its system.

Fortunately, all client data were backed up and could be recovered, although that process took time. On April 22, 2017, third-party rapid response security firms were brought in to remove the infection and restore data. A spokesperson for Greenway Health said the teams were “working around the clock to restore access to affected Intergy hosted customers.”  As of yesterday, around half of affected clients had access to the Intergy system restored.

While the cloud-based platform was taken out of action, Greenway Health has not uncovered any evidence to suggest that patient data were accessed or exfiltrated. The ransomware infection was rapidly contained and there are no signs that the infection has spread to other systems, although Greenway Health is continuing to monitor the situation. Greenway Health said there was little or no data loss.

Since the investigation into the attack is ongoing, few details on the specifics have been released. Greenway Health has not announced which ransomware variant was involved, how the ransomware was installed on its system, and whether all data were recovered from backups or if the ransom demand was paid.

Greenway Health’s CEO, Scott Zimmerman, said “Though we build extensive safeguards into our products and services, no Internet-based system is completely immune from attack.” Zimmerman also explained that the company is “continuously focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime.”

EHR vendors typically have highly advanced cybersecurity protections in place, but this incident shows that no company is immune to attack. The ransomware attack should serve as a warning for all healthcare providers that use cloud-based EHR systems. ePHI access may be lost, so it is essential that contingency plans are developed to ensure that a cyberattack on their EHR vendor does not majorly impact healthcare operations.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.