Cyber Incident Victim: Aprima
Date: Apr 2021
Location: United States of America
Summary
A ransomware attack compromised MedNetwoRX, a data center partner that hosts CompuGroup Medical's Aprima electronic health record (EHR) platform, causing prolonged outages for hosted clients. The attackers compromised the vendor's primary systems, its disaster recovery site and its backup infrastructure together, which left no clean copy to restore from; EHR access was disrupted for more than two weeks, and service restoration was still pending for some customers when the incident was reported.
Description
A ransomware attack targeting MedNetwoRX, a data center partner of CompuGroup Medical, disrupted access to Aprima electronic health record (EHR) systems for multiple customers beginning on April 22, 2021. The incident caused extended outages for hosted Aprima clients, some of whom remained without access for over two weeks. CompuGroup Medical acknowledged the attack in an April 27 email to customers signed by CEO Derek Pickell, attributing it to a "sophisticated criminal organization" that had compromised the hosting vendor's infrastructure. The attackers struck the primary systems, the disaster recovery infrastructure and the backup repositories in a coordinated fashion, which significantly impeded restoration: with the DR site and backups encrypted alongside production, the affected healthcare providers were left with no independent copy of their patient records to recover from, and could not reach those records through the Aprima platform for the duration of the outage.

The sustained disruption affected operations at an unspecified number of healthcare organizations that relied on the hosted EHR service, and restoration efforts were still ongoing when the incident was reported on April 30. By deliberately targeting MedNetwoRX's redundant systems and backup storage, the attackers eliminated the conventional recovery options and prolonged the downtime. CompuGroup Medical's communications confirmed the ransomware's comprehensive impact on the partner's technical environment but did not state whether any data had been exfiltrated. Service restoration proceeded incrementally, with some clients regaining access before others, and the complete remediation timeline extended beyond the two-week mark. The incident illustrates a recurring weakness of third-party hosting arrangements: when the production environment, the disaster recovery site and the backups share an administrative domain or are reachable from one another, they form a single failure domain, and a recovery plan is only as strong as the isolation between them.
