The healthcare company Ardent Health Services, which manages 30 hospitals in six states in the United States, revealed today that a ransomware attack targeted its systems on Thursday.
Following the incident, it was forced to shut down its whole network, alert law enforcement, and engage outside specialists to look into the scope and effects of the attack.
A ransomware attack against U.S. hospital owner Ardent Health Services has forced hospitals across several states to reschedule some elective patient procedures and divert ambulances.
Nashville-based Ardent Health Services said on its website that it became aware of an information technology cybersecurity incident on Thanksgiving and that it has since been determined to be a ransomware attack.
“Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack,” the organization said on Monday.
“As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet, and clinical programs.”
Hospitals, ERs, and clinics in Ardent provide the majority of patient care. Nonetheless, its hospitals are currently on divert, which means they are requesting the local ambulance service to transfer patients in need of emergency care to other nearby hospitals. Simultaneously, a few “non-emergent, elective” surgeries have been placed on temporary hold.
All patients in need of emergency care are currently being diverted from affected hospitals to other nearby hospitals. They can still offer patients arriving at their emergency rooms medical screenings and stabilizing care, though.
“As we endeavor to restore hospital systems back online, each Ardent hospital keeps an eye on its capacity to safely treat critically ill patients in its emergency room. This is quickly changing, and as things get better, each hospital’s status will be updated,” said Ardent.
Patients can still receive care at Ardent’s clinics; however, while the company works to restore encrypted systems, some non-urgent elective surgeries have been temporarily put on hold.
People who need to reschedule appointments or procedures will be contacted directly by Ardent’s teams. It is not possible for Ardent to give a firm timeframe for the restoration process, even with its IT teams working hard to restore access to affected services.
Not yet confirmed data theft
The healthcare provider has not yet confirmed the scope of a possible data breach or whether any patient’s financial or health information was compromised during the assault.
When contacted by BleepingComputer earlier today, Rebecca Kirkham, Ardent Vice President and Chief Communications Officer, stated that all information has been shared on the company’s data security update page.
“Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible,” Ardent disclosed today.
“There is still work being done on the investigation and regaining access to clinical systems, including electronic health records.
“Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.”
Twenty-three thousand workers strong, Ardent manages operations in thirty hospitals and over two hundred care facilities in Texas, Oklahoma, New Mexico, Kansas, New Jersey, and Idaho. It also works with more than 1,400 partner healthcare providers in these six states.
This industry has proven to be profitable for ransomware perpetrators. The previous year, U.S. government agencies issued a warning about ransomware attacks specifically targeting the healthcare and public health sectors by a cybercrime group known as the Daixin Team. The attacks leveraged security flaws surrounding virtual private network (VPN) servers as the initial point of entry. Liska stated that as of now, 316 ransomware attacks against healthcare providers in 2023 have been tracked by Recorded Future and made public. There were 245 attacks that were made public in 2022 compared to 290 in 2021.