Reported ransomware attack leads to weeks of Aprima EHR outages
[This piece has been updated to include additional user experiences with the outage.]
A reported ransomware attack on the CompuGroup Medical data center partner, MedNetwoRX, has impeded some customers' access to their Aprima electronic health record systems for more than two weeks.
According to emails forwarded to Healthcare IT News, the disruption began on April 22 – and some hosted Aprima clients are still waiting for service to be restored as of Friday.
"The outage has been tremendously disruptful to our ability to properly care for our patients," said Dr. Christopher Fox, a Colorado-based endocrinologist.
Fox's clinic, the Alpine Center for Diabetes, Endocrinology and Metabolism, is an Aprima EHR client.
"We've not had access to our clinic schedule, chart notes, refill requests or incoming test results," said Fox, although he notes that they can access test results in other ways as a workaround.
"We're unable to schedule new appointments, as availability and open time slots are unknown. We've been using our downtime protocols, however, these were really not designed to serve a 14-day outage," he said.
"I assume this is unusual for length of outage," he said.
The CompuGroup Medical brand eMDs, which acquired Aprima in 2019, did not respond to multiple requests for comment. MedNetwoRX also did not respond to requests for comment.
Two weeks of outages
Email messages forwarded to Healthcare IT News suggest weeks of uncertainty.
On April 27, eMDs sent an email signed by CompuGroup Medical CEO Derek Pickell to hosted Aprima customers detailing the incident.
According to the email, "A sophisticated criminal organization carried out a ransomware attack on some of the hosting vendor’s systems, disaster recovery site, and backups."
"We do not have confirmation yet that this is a data breach, and if it was, which of our clients were impacted, but the eMDs Incident Response Team continues to follow all data integrity and appropriate government, regulatory, and notification protocols," the email continued.
"eMDs will be sending a written data breach notice to any customer whose data has been confirmed to have been encrypted," it read.
The email encouraged hosted customers to continue operating under HIPAA disaster protocols and contingency plans, including using paper-based workflows.
"We are working extremely closely with the hosting vendor to ensure that APRIMA customers are prioritized for restoration," read an April 26 email, also signed by Pickell. "They have engaged additional outside technical professionals and are conducting a thorough investigation of their network. Every server at the main and secondary backup/disaster recovery sites is undergoing a thorough review process."
"The goal is to remove any and all malware from the systems, make sure all devices are clean, and to restore full functionality and data," that email continued.
Some customers took to social media to discuss the effects they were experiencing.
"Our EMR (Aprima), has been down since last Thursday worldwide," wrote the Arthritis and Osteoporosis Center of Kentucky in a public Facebook post dated April 28. "Support is looking into the issue and has assured us they are working around the clock to get us back up and running. Therefore, we are not able to log in. Patient portal will also not be available.
"We are still operating as normal to continue providing service to our patients. We are having to do everything manually instead of electronic and much more time consuming so please be patient," the post read. "This is beyond our control and we are working as fast as we can on our part until our EMR is back up and running.
"We appreciate your understanding, but again, it is an issue world wide affecting other practices as well. We will do everything we can on our part, to make sure you are taken care of," it continued.
Commenters on that post described their own access hurdles.
"Any progress? We also have Aprima, in our cardiology group in Sarasota, Florida. We are still down ..." wrote one user on April 29.
"We have patients that have been with us for many years and now it’s tough to help them," the user added in a different comment.
"I am down still will be [two] weeks this Thursday," wrote another on May 4. "As a solo practitioner I expect that I am a low priority."
"We have been with Aprima for about [five] years but this is a horrible experience," said the AOCK's Dr. Mansoor Ahmed in an email after publication.
"Our patients are badly suffering as we are just not able to access their records, not able to call in their prescriptions, not able to see their test results," Ahmed said. "We cannot access our schedules and not able to see who is scheduled for when. It has tremendously affected our ability to take care of our patients."
"We understand these kind of things could happen, but 15 days is a way too long time to get the service restored fully," Ahmed added.
Problems appeared to persist for some customers even after their access was restored.
"We are continuing to experience issues with Aprima, our EMR," wrote the AOCK in another public Facebook post, dated May 5.
"It is down nationwide and it is taking us quite a bit of time to open each chart as it takes several minutes to open each tab. It is impossible to answer [calls]," the post continued.
"We remain aware that some restored users have been experiencing speed issues. We are working hard with MedNetworx troubleshooting these and doing what it takes to rectify the causes," read an eMDs email, dated May 6.
As of May 6, eMDs said in another forwarded email that about 260 customers had their system availability restored.
"We are told by MedNetworx that we should have access to most of the remaining servers tomorrow," read the email, signed by Pickell. "As you would expect, we have many processes in place to maximize the restore speed of the databases on these as soon as we get access."
"We are still on target to provide all affected customers with access to their data by Monday. We recognize that we are now [two] weeks into this and again, apologize for the disruption to your operations," continued the email.
On Friday morning, Fox said his clinic was still waiting to have access restored.
"We remain hopeful for service soon, but still nothing for us," he said.
"My office is still down and now being told it will be at least Tuesday until restored," said Dr. Jack Tubbs, an OB-GYN based in Colorado, in an email to Healthcare IT News after publication on Monday.
"Almost three weeks of not being able to access our system is pervasive. Not only can we not adequately care for our patients, but we can not schedule patients, access patient contact information, or even bill for charges since the down time started," Tubbs said.
"Needless to say, this has a devastating effect on my small independent practice," he added.