A U.S. healthcare provider that operates hospitals in 6 states suffered a ransomware attack that has caused outages at several of its hospitals. Ardent Health Services said it first identified an intrusion on the morning of November 23, 2023, and launched an investigation that later revealed it was a ransomware attack. On Thanksgiving Day, several of the hospitals in its network reported network outages. Without access to critical IT systems, including electronic medical records, several of the affected hospitals put their emergency rooms on divert, and ambulances were sent to alternate facilities to ensure emergency patients had immediate access to the highest level of care. The decision was also taken to cancel some non-urgent elective surgeries. The appointments will be rescheduled when IT systems have been restored.
Ardent Health Services said it took its network offline when the attack was discovered and suspended access to its IT applications, corporate servers, Epic software, and Internet and clinical programs, which has naturally resulted in operational disruption. Hospital staff started working under established downtime protocols and continue to provide care to patients. A spokesperson for Ardent Health Services said patient care has not been affected.
At present, it is unclear whether patient data was stolen in the attack. Ransomware actors often exfiltrate patient data before encrypting files and use the stolen data as leverage to pressure victims into paying the ransom. Threats are issued to publish the stolen data if the ransom is not paid. So far, no ransomware group has claimed responsibility for the attack and Ardent Health Services has yet to determine if patient data has been compromised. Third-party security experts have been engaged to assist with the investigation.
Ardent Health Services operates 30 hospitals and more than 200 care locations and has more than 1,300 aligned healthcare providers. It is currently unclear how many healthcare facilities have been affected. The following hospitals have confirmed that they experienced an outage, were operating under emergency downtime protocols, and were working to restore access to their systems:
- UT Health East Texas
- BSA Health System
- Lovelace Health System
- Hillcrest HealthCare System
- Hackensack Meridian Health
Ransomware gangs target the healthcare industry due to the high value of healthcare data. The attacks cripple systems that are used to provide patient care, which increases the probability of the ransom being paid. Attacks are often timed to occur when staffing levels are low, such as over the weekend and during holiday periods. According to the HHS’ Office for Civil Rights, healthcare ransomware attacks have increased by 278% in the past 4 years.