Ardent hospital ERs disrupted in 6 states after ransomware attack

Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.

After the incident, it had to take its entire network offline, notify law enforcement, and hire external experts to investigate the attack's extent and impact.

"Ardent Health Services and its affiliated entities ("Ardent") became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack," the organization said on Monday.

"As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs."

Impacted hospitals are currently diverting all patients requiring emergency care to other hospitals in their area. However, they can still provide medical screening and stabilizing care to patients arriving at their emergency rooms.

"Each Ardent hospital continues to evaluate its ability to safely care for critically ill patients in its Emergency Room as we work to bring hospital systems back online. This is rapidly changing, and the status of each hospital will be updated as the situation improves," Ardent added.

Patient care services are still active in Ardent's clinics, though certain non-urgent elective surgeries have been temporarily halted as the organization is working to restore encrypted systems.

Ardent's teams will directly contact individuals requiring rescheduling of appointments or procedures. Despite its IT teams' efforts to reinstate access to impacted services, Ardent cannot provide a definitive timeline for the restoration process.

Data theft not yet confirmed

The health provider has yet to confirm if any patient health or financial data has been compromised during the attack and the extent of a potential data breach.

Rebecca Kirkham, Ardent Vice President & Chief Communications Officer, said all available details have been shared on the company's data security update page when contacted by BleepingComputer earlier today.

"Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible," Ardent said today.

"The investigation and restoration of access to electronic medical records and other clinical systems is ongoing.

"Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident."

With a workforce comprising 23,000 employees, Ardent oversees operations across 30 hospitals and more than 200 care facilities in Texas, Oklahoma, New Mexico, Kansas, New Jersey, and Idaho and collaborates with over 1,400 affiliated healthcare providers spanning these six states.