Ardent Health Services Ransomware Attack Affects Hospitals in Multiple States
Brentwood, Tennessee-based Ardent Health Services, which operates 30 hospitals and has more than 200 sites of care in 6 U.S. states has suffered a ransomware attack that has impacted multiple hospitals. The attack has resulted in emergency rooms being placed on divert, with new emergency patients redirected to alternate healthcare facilities. Without access to IT systems, some non-urgent elective surgeries have been canceled and will be rescheduled when access is restored to IT systems.
Several Ardent Health Services facilities had already announced over the Thanksgiving weekend that they were investigating network outages that started on Thanksgiving Day. Emergency downtime protocols had been implemented and patient information was being recorded using pen and paper due to the lack of access to IT systems and patient data. Ardent Health Services issued a statement on Monday confirming that the disruption had been caused by a ransomware attack.
Unauthorized activity was first detected on the morning of November 23, 2023, and it was subsequently determined to have been caused by a ransomware attack. At the time of writing, no ransomware group has claimed responsibility for the attack. Ardent said it immediately took its network offline, suspended user access to its technology applications, corporate servers, Epic EMR system, and its Internet and clinical programs, and implemented its downtime protocols.
The health system is working to restore access to its IT systems as quickly as possible and, in the meantime, ambulances are likely to remain on divert until its IT operations have been restored. There is also likely to be ongoing disruption to its clinical and financial operations; however, patient care continues to be provided safely and effectively in all of its hospitals. Third-party cybersecurity experts have been engaged to assist with the investigation and determine the scope of the attack and the extent to which patient data was compromised, and the incident has been reported to law enforcement. A time frame could not be provided for how long it will take to restore its IT systems and determine the extent, if any, that that patient data has been compromised. Details of the affected hospitals can be found in this post.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The HIPAA Journal spoke with Mohammad Waqas, CTO, Healthcare, Armis, about the recent HIPAA attacks and some of the steps that hospitals and health systems can take to improve cybersecurity, given the huge rise in attacks in recent years and the increasing sophistication of intrusion attempts. “As attack surfaces grow given the increasing number of physical and virtual assets being brought online to healthcare networks, and as bad actors develop more sophisticated attack plans to reap bigger payouts, healthcare organizations cannot afford to put off strengthening cybersecurity. On an average day, more than 55,000 physical and virtual assets are connected to organizational networks; yet an astounding 40% of these assets are left unmonitored – leaving critical, exploitable gaps,” Mohammad Waqas told the HIPAA Journal. “Healthcare organizations must prioritize cyber exposure management to mitigate all cyber asset risks, remediate vulnerabilities, block threats, and protect the entire attack surface. The entire healthcare ecosystem must be taken into account – from building management systems to patient experience devices and medical devices to vendor risk management.”
Waqas suggested other important steps that should be taken to improve cybersecurity in healthcare. “Security and IT teams need to implement cybersecurity strategies such as network segmentation – first identifying and prioritizing the segmentation of critical vulnerable assets to maximize risk reduction upfront. Organizations should also adopt more clearly outlined security documentation and behaviors, well-defined incident response plans for leadership and staff, embedded security capabilities, support for security software and solutions, and retiring of legacy systems in favor of newer more secure devices. It’s also important to note that phishing and social engineering attacks remain top attack methods for healthcare organizations; therefore, leaders should also foster security-first cultures by implementing regular security awareness training for employees.”
Update: On December 7, 2023, Ardent Health Services said it had restored its Epic electronic health record (EHR) system and the redirect at its emergency rooms has been removed, allowing patients arriving by ambulance to be accepted; however, there are still delays to some non-emergent procedures, which will not be rescheduled until more IT systems have been brought back online. Ardent has also confirmed that approximately 40,000 patients may have had their information exposed in the attack.
