Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, has revealed that it fell victim to a ransomware attack on Thursday, November 23, 2023. Following the incident, the organization took its entire network offline and notified law enforcement, initiating an investigation into the extent and impact of the attack.
In a statement issued on Monday, Ardent Health Services said, "Ardent Health Services and its affiliated entities ("Ardent") became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack."
The response to the attack involved the proactive shutdown of Ardent's network, suspending all user access to its information technology applications, including corporate servers, Epic software, internet access, and clinical programs.
Impacted hospitals are currently diverting patients requiring emergency care to other nearby hospitals. However, these facilities are still capable of providing medical screening and stabilizing care to patients arriving at their emergency rooms.
Ardent Health Services stated, "Each Ardent hospital continues to evaluate its ability to safely care for critically ill patients in its Emergency Room as we work to bring hospital systems back online. This is rapidly changing, and the status of each hospital will be updated as the situation improves."
While patient care services in Ardent's clinics remain active, certain non-urgent elective surgeries have been temporarily halted as the organization works to restore encrypted systems. Ardent's teams will directly contact individuals needing to reschedule appointments or procedures. Despite efforts to reinstate access to affected services, Ardent cannot provide a definitive timeline for the restoration process.
As of now, Ardent has not confirmed whether any patient health or financial data has been compromised during the attack and the extent of a potential data breach.
Jess Parnell, CISO at Centripetal, commented on why organizations continue to be susceptible to these types of attacks and how they can be prepared for and mitigated:
"The bad guys are probing and doing reconnaissance constantly to see what can or can’t get through the network. And they are quickly changing their tactics to increase their success rate. That’s why organizations run out of human runway quickly and why their infrastructure is quickly overloaded. And even with all the spending on cybersecurity that we see, the only thing that organizations know for sure is that their exposure to cyber risk is only going up and up and up. Companies must implement ongoing patch management and deploy proactive cybersecurity solutions to protect their valuable assets. Attackers can exploit vulnerabilities faster than IT can patch them, so active defenses can buy you time."
"Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible," Ardent said in its latest statement.
"The investigation and restoration of access to electronic medical records and other clinical systems are ongoing. Ardent is still determining the full impact of this event, and it is too soon to know how long this will take or what data may be involved in this incident."
Ardent Health Services, with a workforce of 23,000 employees, operates across 30 hospitals and more than 200 care facilities in Texas, Oklahoma, New Mexico, Kansas, New Jersey, and Idaho. It collaborates with over 1,400 affiliated healthcare providers across these six states.
Alex Heid, Chief Research Officer at SecurityScorecard, shared that no organization is 'safe' from all threats, but they can improve their response practices. "While no organization will ever be 100% insulated from a cyber attack, the company response - how quickly they detect, disclose, remediate, and prevent future incidents - will define their success in navigating the storm," said Heid.