Ransomware attack on Ardent Health Services causes outages in multiple hospitals and states

Ransomware attack on Ardent Health Services causes outages in multiple hospitals and states

Ardent Health Services owns and operates 30 hospitals and health systems with 200+ sites of care with more than 1,400 aligned providers in six states. Earlier today, they posted a security incident notice on their site:

Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.

Ardent has reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.

In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics. In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.

The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.

Additional information is available at www.ardenthealth.com/datasecurityupdate.

A number of hospitals have already reported diversions and rescheduling of elective services.

No group has as yet claimed responsibility for the attack.