It was predictable that threat actors would attack during Thanksgiving week when many people take off for the holiday and long weekend.
Ardent Health Services was hit with a ransomware attack — and badly enough that hospitals wound up diverting emergency patients.
Below the break, you can find the text of Ardent’s notice and FAQ. Ardent hospitals and health systems can be found here.
No group has as yet claimed responsibility for the attack. Media coverage of some of the hospitals hit has been emerging over the past few days and includes:
Ardent Health Services Reports Information Technology Security Incident
Nashville, Tenn. (Nov. 27, 2023) – Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.
Ardent has reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.
In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics. In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.
The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.
Additional information is available at www.ardenthealth.com/datasecurityupdate.
Overview
What happened?
On November 23, Ardent Health Services (Ardent) and its affiliated entities became aware of an information technology cybersecurity incident, which has since been determined to be a ransomware attack. Ardent’s information technology (IT) team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.
What actions is Ardent taking to address this situation?
Ardent reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. In addition to electronic protection procedures already in place, Ardent implemented additional information technology security protocols and are working with specialist cybersecurity partners to restore the company’s IT capabilities as quickly as possible.
Do we know what data may have been exposed?
At this time, Ardent cannot confirm the extent of any patient health or financial data that has been compromised. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.
When will this issue be resolved?
Ardent’s IT teams are working around the clock to restore access and establish a timeline for returning to normal operations. Updates will be shared on this page as the process continues.
Patient care impact
How is this incident impacting patient care?
Safely caring for patients remains Ardent’s highest priority and we continue to provide care in our hospitals, clinics and emergency rooms with no adverse impacts. Some non-emergent, elective procedures are being rescheduled. Additionally, Ardent’s hospitals are currently operating on divert, which means hospitals are asking local ambulance services to transport patients in need of emergency care to other area hospitals. This ensures critically ill patients have immediate access to the most appropriate level of care.
All Ardent hospitals are continuing to provide a medical screening exam and stabilizing care to any patients arriving at our Emergency Departments.
How long will my hospital Emergency Room be on divert?
Each Ardent hospital continues to evaluate its ability to safely care for critically ill patients in its Emergency Room as we work to bring hospital systems back online. This is rapidly changing, and the status of each hospital will be updated as the situation improves.
Are your clinics and medical offices closed?
At this time, we continue to see patients in our clinics. In the event a patient appointment or procedure needs to be rescheduled, our team will contact patients directly. If you have questions, please contact your physician’s office directly.
Which surgeries are being rescheduled and how are those decisions being made?
Some non-emergent, elective surgeries have been temporarily paused while Ardent works to bring systems back online. These decisions are being made in partnership with physicians and are based on a number of considerations. Our teams will reach out directly to any patient whose appointment or procedure will need to be rescheduled.
Will MyChart or On-Demand Video Visits be impacted?
MyChart and On-Demand Video Visits are temporarily unavailable. Ardent is working to bring these systems back online as soon as possible.
Is there a timeline for returning to normal operations?
Ardent teams are working around the clock to bring our systems back online and to establish a timeline for returning all applications to fully operational. At this time, we do not have a firm timeline for restoring full access. We will share updates as this process continues.
network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.
Ardent has reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.
In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics. In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.
The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.
Additional information is available at www.ardenthealth.com/datasecurityupdate.