hiveleak attacks Greenway Health

Incident Date:

January 25, 2022

World map



hiveleak attacks Greenway Health


Greenway Health




Aurora, USA

Colorado, USA

First Reported

January 25, 2022

Greenway Health Targeted by Hiveleak Ransomware Group

Company Overview

Greenway Health provides electronic health records (EHR), practice management, and revenue cycle management solutions to practices in multiple specialties. The company serves more than 55,000 providers across multiple specialties, translating into millions of lives touched daily by its solutions.

Vulnerabilities and Impact

The ransomware attack on Greenway Health highlights the importance of vendor management in the healthcare sector. The incident affected several hundred physician group practices using the company's cloud-based applications, causing temporary disruption to patient data access. Although Greenway Health had backup data and expected little to no data loss, the attack serves as a reminder of the risks that vendors can pose to healthcare providers.

Response and Mitigation

Greenway Health has been working around the clock to restore access to EHR and practice management functionality for the affected practices. The company has also launched Greenway Secure Cloud, a cost-effective, fully bundled, cloud-based EHR and practice management solution designed to protect against cybersecurity attacks, withstand natural disasters, and ensure compliance with federal regulations.

The ransomware attack on Greenway Health underscores the need for healthcare providers to carefully review a vendor's security posture and practices when choosing cloud-based EHR, practice management systems, or other critical systems. Healthcare providers should also regularly test their own contingency plans, including testing how they will respond to a significant outage of a critical cloud-based software provider.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.