Ardent Health Services and its affiliated entities discovered a cybersecurity incident on the morning of November 23, 2023, and confirmed it to be a ransomware attack.
In a data security update on Monday, the firm said its technology team responded by taking the network offline and suspending user access to information technology applications, including corporate servers, Epic software, internet and clinical programs.
Law enforcement has been informed, and third-party forensic and threat intelligence advisors have been engaged.
The full extent of compromised patient health or financial data remains undetermined, and investigations are ongoing. Despite the incident, patient care continues in Ardent’s hospitals, emergency rooms and clinics.
“The bad guys are probing and doing reconnaissance constantly to see what can or can’t get through the network. And they are quickly changing their tactics to increase their success rate,” said Jess Parnell, CISO at Centripetal.
“Companies must implement ongoing patch management and deploy proactive cybersecurity solutions to protect their valuable assets. Attackers can exploit vulnerabilities faster than IT can patch them, so active defenses can buy you time.”
As precautionary measures, the healthcare provider is rescheduling some non-urgent, elective procedures and redirecting emergency room patients to other area hospitals until systems are fully operational.
Ardent, which operates 30 hospitals across six US states, confirmed its IT teams are actively working to restore access. However, a precise timeline for returning to normal operations is yet to be established. Hospitals are assessing their ability to safely care for critically ill patients in the emergency room, with updates provided as the situation evolves.
“Ardent taking its network offline is an extreme, albeit effective, move to reduce both the chance that the ransomware can spread to more internal systems and the likelihood that sensitive data can be exfiltrated to malicious assets,” commented Tim Helming, security evangelist at DomainTools.
“While this move does come at the expense of the health, wellbeing, and security of all of Ardent’s patients, they cannot have taken this move lightly, and it speaks to the likely seriousness of this attack.”
As Ardent focuses on the secure delivery of patient care and the resolution of the incident, updates will be shared as new information emerges regarding its investigation and restoration efforts.