All Previous Updates


May 10, 2017 | 6:40pm ET

The restoration of full functionality to those of our customers affected by the recent cyber attack is nearing completion. We are now partnering with a handful of individual customers on items that we expect to be resolved soon.

At the same time, we are working with the Verizon RISK Team, a leading cybersecurity forensics consultant, and other outside experts to further enhance the security of the environment against future attacks, and to improve our recovery time should it ever again become necessary. Working with those experts, we have already taken concrete steps, including the addition of monitoring tools with advanced threat protection.

We deeply regret any disruption this event may have caused, and encourage customers to contact us at 877-932-6301 with any questions or concerns.


May 3, 2017 | 5:45pm ET

We have restored EHR and practice management functionality to all practices that were affected by the recent cyber attack.

We want to reiterate that there is no evidence at this time that any patient data has been exfiltrated or stolen. We continue to make daily progress toward restoration of the remaining functionality, and are working diligently to restore full functionality for all.

Customer service representatives are continuing to reach out to affected practices, and are notifying them when full functionality is restored. Customers with any questions or concerns can contact their support representative at 877-932-6301.

We deeply regret any potential disruption this cyber attack has caused.


May 1, 2017 | 8:30pm ET

We have restored EHR and practice management functionality to all practices that were affected by the recent cyber attack. We want to reiterate that there is no evidence at this time that any patient data has been lost or stolen.

Restoration of the remaining functionality, primarily imaging and analytics, continues to be our main focus. The majority of customers have already experienced restoration of this functionality, and we are working diligently to restore the remaining functionality for all.

Customer service representatives are continuing to reach out to affected practices. Customers with any questions or concerns can contact their support representative at 877-932-6301.


April 30, 2017 | 11:00pm ET

We have restored EHR and practice management functionality to all practices that were affected by the recent cyber attack. We want to reiterate that there is no evidence at this time that any patient data has been lost or stolen.

Restoration of the remaining functionality, primarily imaging and analytics, is now our main focus. The majority of customers have already experienced restoration of this functionality, and we are working diligently to restore the remaining functionality for all.

Customer service representatives are continuing to reach out to affected practices. Customers with any questions or concerns can contact their support representative at 877-932-6301.

I have spoken to many of you personally and I appreciate the concern you have expressed about this cyber attack. I am personally distressed that any of our practices had to experience a loss of access, and I regret any disruption it may have caused. All of us at Greenway are grateful for the patience you have shown and the support you have expressed.

Safeguarding your data is of paramount importance to us, and as I said in my previous messages to you, we are continuously focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime.

I am glad we have been able to restore important functionality to all our affected practices, and we will not rest until every practice has full functionality restored. Thank you again for your understanding.


April 29, 2017 | 4:30pm ET

Thank you again for the patience and support you have shown this week. We recognize that nothing is more important right now than restoring your service.

We have now restored EHR and practice management functionality to more than three-quarters of the affected practices, and expect to have similarly restored almost all of the affected practices by the time you open for business Monday morning.

We are continuing to work diligently to restore full functionality to all customers. Internal and external resources are working around the clock toward that goal, including through this weekend. At the same time, we are continuously focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime.

Once again, thank you for your patience and continued support during a challenging time. If you have any questions or concerns, please call us at 877-932-6301.


April 28, 2017 | 6:30pm ET

Thank you again for your patience and support. We are very grateful for both.

I can now report that we have restored at least EHR and practice management functionality to a majority of the affected practices, and expect to have similarly restored almost all of the affected practices by the time you open for business Monday morning.

We are continuing to work diligently to restore full functionality to all customers. We are pouring considerable internal and external resources toward that goal and are working around the clock to achieve it, including through this coming weekend. At the same time, we remain focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime.

Once again, thank you for your patience and continued support during a challenging time. If you have any questions or concerns, please call us at 877-932-6301.


April 27, 2017 | 4:45pm ET

Thank you again for the patience and support you continue to show. I can now report that we have restored EHR and practice management functionality to nearly half of the affected practices. Our goal is to do the same for most remaining customers by the time you open your offices on Monday morning.

We won’t be satisfied until every one of the affected practices is fully restored, so we are working around the clock to achieve that. At the same time, we are continuously focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime.

We appreciate your patience and continued support during this challenging time. If you have any questions or concerns, please call us at 877-932-6301.


April 26, 2017 | 5:00pm ET

Thank you again for the patience you have shown over the last several days. I can now report that we have restored the majority of EHR and practice management functionality to a quarter of the affected practices. Our goal is to do the same for most remaining customers by the time you open your offices on Monday morning.

We have been able to make increasingly rapid progress, thanks to the efforts of both our internal personnel and external partners, including leading third-party rapid response teams. While I realize that any delay and disruption to your practice is unwelcome, the outlook today is significantly better than it was even 24 hours ago.

Naturally we won’t be satisfied until every one of the affected practices is fully restored. We are pouring considerable resources toward that goal and are working around the clock to achieve it. At the same time, we are evaluating opportunities to further strengthen our safeguards against this type of criminal cyber attack.

Once again, thank you for your patience and continued support during a challenging time. If you have any questions or concerns, please call us at 877-932-6301.


April 26, 2017 | 7:00am ET

As I noted in my message to you yesterday afternoon, we understand that nothing is more important right now than restoring your service and getting you back to business as usual.

I can now tell you that we have successfully restored service to a small but growing number of our affected customers, with no apparent loss or corruption of data, and that we are working diligently to accelerate the pace.

We continue to believe that we can have the majority of you up and running by the time you open your offices on Monday morning, perhaps sooner. I wish I could say it will be tomorrow, but even with all the people and resources we focus on this problem there are technical and logistical limits on how quickly we can recover.

As we begin to bring back access, I know that the question many of you will have is “when will our access be restored?” Our priorities are to restore the greatest number of doctors and patients in the shortest amount of time, and safely address the various technical and security challenges this effort poses. If you have any questions or concerns, please call 877-932-6301.

You have already shown great patience, and we deeply regret any disruption this has caused your practice. We are working as hard as we can to bring everyone back up, and appreciate your continued understanding as we recover from this criminal act.


April 25, 2017 | 2:15pm ET

As we continue to respond to the criminal cyber attack that affected your Intergy platform, we recognize that nothing is more important to you than regaining access to your systems, and having those systems running normally. We share that objective with you.

Our teams are working around the clock on the matter, and we are pouring people and resources into restoring your access. Our goal, toward which we are making significant progress, is to enable a majority of the affected practices to be up and running by the time they begin seeing patients on Monday morning. We realize this is still not ideal, and we are actively exploring approaches to accelerate the pace of recovery.

We will notify you individually when your system has been restored, and will work with you to confirm that it is running properly. Meanwhile, we are continuing to cooperate with federal authorities in their investigation.

We deeply regret any disruption this cyber attack has caused for you and your patients, and appreciate the patience you have shown. We are committed to keeping you informed, and encourage you to contact us at 877-932-6301 or continue to visit this dedicated website for updates.


April 24, 2017 | 9:45pm ET

The question we have received from many customers today is, “if you knew about the cyber attack on Saturday, why did you wait until Monday to inform us?” We first became aware of the criminal activity on Saturday, April 22 and immediately activated our incident response plan. We moved quickly to understand the scope of the incident, contain its impact and identify customers that were affected. After engaging and consulting with law enforcement authorities, on Sunday we prepared to notify practices swiftly and prior to the opening of business on Monday. We also provided updates throughout the day on Monday.

We are committed to keeping you as informed as circumstances permit, therefore we have established this dedicated website for that purpose. We also encourage you to call (877) 932-6301 to speak directly with a customer support representative. We remain intently focused on restoring service and continue to explore measures to further enhance our defenses against cybercrime. Again, we regret any inconvenience and appreciate your patience as we cooperate with authorities and restore your service.


April 24, 2017 | 2pm ET

The following is an update regarding the cyber attack on certain Greenway Health systems:

We want to reiterate that while we were the victim of a criminal attack, we regret the disruption this event has caused to your practice. While the matter has not yet been resolved, we can report the following:

  • Most significantly, we continue to believe that no patient data was exfiltrated. The impact of the attack appears limited to preventing access to the data.
  • Ongoing technical analysis is enabling us to learn more about the attack. We are still not seeing evidence at this time that the attack has spread beyond Intergy-hosted servers. If you haven’t been affected yet, we have reason to believe you won’t be.
  • We continue to work closely with law enforcement agencies, and they have advised us that we are taking appropriate steps in response to this type of criminal cyber attack.
  • We are continuing the process of restoring customer systems. This process is necessarily time-consuming and we recognize the challenge this poses for your practice.

We will continue to provide updates as circumstances warrant. If you have questions or concerns please call 877-932-6301.


April 24, 2017 | 7am ET

Safeguarding access to your data and your patients’ information is our highest priority and is the reason for this message.

On Saturday, we identified that a criminal attack took place on a limited portion of our customer base, and it appears to have caused a temporary inability to access data on your Intergy Hosted server. The perpetrators are seeking a payment of ransom, and we are working in partnership with the FBI.

We deeply regret any disruption this criminal attack could cause to your practice and for any concerns it may cause to your patients. We are working diligently to restore full access as quickly as possible.

There is no evidence at this time that any patient data has been “exfiltrated” or otherwise misused. Typically, this type of ransomware attack focuses on receiving a ransom payment in exchange for restoring access to data. We do have backup data for affected customers, so we expect little or no data loss, though restoration may not be immediate. In the interim, we recommend that you revert to your offline procedures.

Based on our current understanding of the circumstances, we have no reason to believe this attack will extend to our customers on other platforms. Though we build extensive safeguards into our products and services, no Internet-based system is completely immune from attack. We are continuously focused on evaluating additional measures that we may take to further enhance our defenses against cybercrime.

We are committed to providing you with enhanced customer support and pledge to keep you informed. We will provide an update no later than 2 p.m. ET today and encourage you to call (877) 932-6301 with any questions or concerns.

We deeply value our relationship with your practice, and again regret any inconvenience this matter may cause.