Greenway Health still struggling with ransomware attack

Sophisticated attack affects 5 percent of vendor’s clients; services may be restored today.

A ransomware attack last week against hospital and ambulatory electronic health records vendor Greenway Health affected 400 client organizations using the vendor’s Intergy cloud-hosted platform.

Half of those affected clients have had their EHR services restored, with the rest reverting to manual processes in the hope of full restoration by today, says Greg Schulenburg, Greenway Health’s COO.

Greenway technicians discovered the breach after identifying activity that indicated a ransom attack. The company says it immediately deployed action teams, and brought in outside retained help as rapid response teams under contract.

Since April 22, work on mitigating the attack has gone on around the clock, according to Schulenburg. “At this time, there is no indication that data was withdrawn or stolen,” he adds. Further, there is no evidence that the attack extended to other platforms operated by the company.

To disseminate information on the incident, Greenway created a web site to post information, at While the attack affected only 5 percent of Greenway’s 75,000 provider customers, there was widespread concern across all its clients, and the microsite is helping to keep everyone informed.

The amount of time required to resolve the attack against Greenway concerns Carter Groome, CEO at First Health Advisory Services, a security consultancy. “Any system that says it will take a couple days to get up is a sign it was not prepared, and the response plan was weak.”

Groome is not impressed by the overall approach to cyber security by many healthcare software vendors, who have historically taken a hands-off approach to security.

“We’re just not seeing vendors providing guidance to clients on security issues. They don’t want liability; they don’t want the client to say, ‘We did everything you said to do and still got hit.’ ”

Ransomware threats should prompt vendors to harden their products and provide assistance to clients, he adds. Vendors that do so will find that better security will be a competitive advantage.

Ransomware attacks frequently hit hospital and ambulatory electronic health records vendors, but they are able to recover from them and move on, so no one may know about it, says Tom Walsh, president of the Tom Walsh Consulting security practice.

Also See: Nearly 90 percent of organizations hit by a data breach

However, vendors are obligated to treat any breach incident as an incursion until they can demonstrate it was not a breach, he adds.

Greenway Health may be the latest victim of the ransomware attack, which continues to escalate, but it is completely preventable, according to Rebecca Herold, an information security consultant, author and instructor at Rebecca Herold & Associates. To prevent ransom gambits, HIPAA-covered entities and business associates, as well as vendors, need to do the following:

1. Make frequent backups of all data and software on a separate storage device that is not attached to their network or computer except when backups are made. Be sure to test the backups regularly to ensure they are usable. If you have a full backup of your data and ransomware hits, you can then tell the crooks to go away, and rebuild your system then load your backup.

2. Use effective and constantly updated anti-malware tools. They should be kept updated, checked for zero-day types of malware, and checked for signs of ransomware. There are anti-malware tools that help to identify and stop ransomware, so even though these will not identify all, they will cut the risks and stop some.

3. Provide ransomware training to employees. The favorite training module of my clients so far has been the one on how to prevent ransomware, because not only does it show how to prevent the businesses from being victims, but also shows how employees can prevent being victims personally when away from work. Everyone is a target for the cyber crooks.

4. Generally make sure everyone is aware of the red flags for ransomware:
  • Don’t click on photos or videos without first considering the consequences. Did someone you know send you a type of photo or video that they’ve never sent before, and is out of character for him or her? Don’t click it.
  • Don’t click on links in emails, text messages, on social media, etc. without checking if they are safe.
  • Don’t go to sites you’ve not been to before, or that seem to have a strange or unfamiliar website address. Many sites can auto load ransomware on your computer simply by visiting the site.

More for you

Loading data for hdm_tax_topic #clinician-experience...