Cyber Incident Victim: Greenway Health
Date: Apr 2017
Location: United States of America
Summary
Greenway Health experienced a ransomware attack impacting approximately 400 clients using its Intergy cloud-hosted platform, disrupting access to data and services. The company confirmed no evidence of patient data exfiltration or misuse and relied on backups to minimize potential data loss, with half of affected clients restored promptly while others temporarily shifted to manual operations. Leadership emphasized the incident's containment to Intergy users, collaborated with law enforcement including the FBI, and provided enhanced support to affected practices. While service interruptions occurred, the organization maintained that safeguards were in place but acknowledged inherent risks of internet-based systems.
Description
On or around April 24, 2017, Greenway Health experienced a ransomware attack affecting a limited portion of its customers using the Intergy cloud-hosted electronic health records platform. The company notified affected customers on April 28, describing the incident as a criminal cyber attack that froze access to data with demands for ransom payments. CEO Scott Zimmerman communicated directly with impacted practices, acknowledging potential disruptions while emphasizing there was no evidence of patient data exfiltration or misuse. Greenway activated backup systems to minimize data loss and assured customers that the attack appeared confined to Intergy's internet-hosted users, with no indication of spread to other platforms. The company engaged law enforcement agencies, including the FBI, to investigate the incident and provided enhanced customer support through a dedicated phone line.

The ransomware incident impacted approximately 400 healthcare organizations using Greenway's Intergy platform. By May 1, 2017, Chief Operating Officer Greg Schulenburg reported that half of the affected clients had their EHR services restored, while the remainder operated using manual processes, with full restoration expected imminently. Greenway maintained continuous communication about system recovery efforts but did not disclose whether the attackers gained initial access through phishing, vulnerabilities, or other methods. The company faced unresolved questions regarding breach reporting obligations, as it remained unclear whether Greenway or individual healthcare providers would notify the Department of Health and Human Services about potential HIPAA violations. This incident followed a separate 2015-2016 data exposure involving Florida Medical Clinic that resulted from a configuration error in Greenway systems, though the two events were unrelated in cause and scope.
