Greenway Health Reports Ransomware Attack (Updated)

From Greenway Health:

TAMPA, April 24–An apparent criminal cyber attack that has affected a limited portion of its customers was reported today by Greenway Health to its affected customers, the company says.

The incident involves “ransomware,” in which the attackers freeze access to data and offer to restore it in exchange for a ransom payment. The company says it is working with law enforcement, including the FBI.

“We deeply regret any disruption this criminal attack could cause to your practice and for any concerns it may cause to your patients,” CEO Scott Zimmerman told affected customers Monday morning.

Zimmerman emphasized that there is no evidence at this time that any patient data has been “exfiltrated” or otherwise misused. And he said the company has backup data and expects little or no data loss. The impact of this attack appears limited to some Internet-hosted users of the company’s Intergy platform.

“Based on our current understanding of the circumstances, we have no reason to believe this attack will extend to our customers on other platforms. Though we build extensive safeguards into our products and services, no Internet-based system is completely immune from attack. We are continuously focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime,” Zimmerman said.

The company said it will be providing enhanced customer service and support to affected practices, and will provide additional information to its customers later today. Customers who have not experienced difficulty are unlikely to be affected, but anyone concerned should call 877-932-6301.

Last May, Florida Medical Clinic reported a potential breach of 1,000 patients’ data due to an error in a setting controlled by Greenway.  It appears the unintended exposure went undetected between November 18th, 2015 to January 6th, 2016.

In this case, it is not yet clear how many covered entities may have been affected by the ransomware incident and whether they will be reporting it to HHS or whether Greenway will be reporting it.  Nor is it clear how Greenway’s network was infected.

This post will be updated as more information becomes available.

Update of May 1: Joseph Goeddert reports:

A ransomware attack last week against hospital and ambulatory electronic health records vendor Greenway Health affected 400 client organizations using the vendor’s Intergy cloud-hosted platform.

Half of those affected clients have had their EHR services restored, with the rest reverting to manual processes in the hope of full restoration by today, says Greg Schulenburg, Greenway Health’s COO.

About the author: Dissent