Cyber Incident Victim: MedNetwoRX
Date: Apr 2021
Location: United States of America
Summary
A ransomware attack targeted MedNetwoRX, a data center partner supporting CompuGroup Medical's Aprima electronic health record systems, causing extended service disruptions for hosted clients. The incident, attributed to a sophisticated criminal organization, compromised the vendor's primary systems, disaster recovery infrastructure, and backup resources, leading to outages lasting over two weeks. This significantly impeded healthcare providers' access to critical patient records and EHR functionalities during the recovery period.
Description
The ransomware attack targeting MedNetwoRX, a data center partner supporting CompuGroup Medical's Aprima electronic health record (EHR) systems, began disrupting services on April 22, 2021. Hosted Aprima clients experienced immediate access issues to their EHR platforms as the attack compromised MedNetwoRX's infrastructure. CompuGroup Medical confirmed the incident through an April 27 email signed by CEO Derek Pickell, attributing the disruption to a ransomware attack executed by a sophisticated criminal organization. The attackers targeted not only primary operational systems but also MedNetwoRX's disaster recovery environment and backup repositories, significantly impeding restoration efforts. This multi-faceted compromise left many customers without access to critical patient records and clinical tools for an extended period, with some outages persisting beyond two weeks.

Service restoration timelines varied among affected clients, with some still awaiting full functionality as of May 7, 2021, according to customer communications reviewed by Healthcare IT News. The attack's impact stemmed primarily from the deliberate targeting of both production systems and recovery mechanisms, which forced manual restoration processes. CompuGroup Medical's communications emphasized the criminal sophistication behind the attack but did not disclose specific ransomware variants, payment demands, or data exfiltration details. The prolonged outages disrupted clinical operations for healthcare providers relying on hosted Aprima solutions, though the exact number of affected organizations remained unspecified in available disclosures. Recovery efforts focused on rebuilding systems from unaffected backups where possible, while the complete compromise of certain disaster recovery assets extended downtime for severely impacted customers.
