Multiple hospitals divert ambulances after ransomware attack on parent company

Siva Ramakrishnan
Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday afternoon that it was responding to an incident.

Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday afternoon that it was responding to an incident.

Ardent, based in Nashville, runs 37 healthcare facilities across the U.S.

Since Thanksgiving, multiple local news outlets have reported that hospitals in their area are dealing with ransomware attacks that forced them to divert ambulances to other facilities and take other actions.

The company initially did not respond to requests for comment. By Sunday, cybersecurity experts began to put the pieces together and surmise that the attacks were connected.

On Monday afternoon, Ardent confirmed that it first began responding to an incident on the morning of November 23.

“The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs,” the company said.

Ardent said it reported the incident to law enforcement and retained “third-party forensic and threat intelligence advisers.”

The company also has implemented “additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.”

The company added that the incident has caused “temporary disruption to certain aspects of Ardent’s clinical and financial operations.”

Some facilities are diverting emergency room patients to other hospitals and rescheduling elective and non-emergency procedures, Ardent said.

The company said it does not know how long the restoration of its electronic medical records system will take.

The FBI and the Cybersecurity and Infrastructure Security Agency did not respond to requests for comment.

CNN was first to report on Friday that UT Health East Texas was turning away ambulances. Since then, hospitals in Texas, Idaho, Oklahoma, New Mexico and New Jersey reported problems. Inquiries sent to several other Ardent Health Services hospitals were not answered.

The attack mirrors an incident in August when 16 hospitals run by Prospect Medical Holdings spent weeks recovering from a ransomware attack that caused severe outages at facilities in four states.

Recorded Future — the parent company of The Record — reported at least 19 ransomware attacks on healthcare facilities last month and steep increases in incidents throughout 2023.

CybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Pennsylvania water authority hit with cyberattack allegedly tied to pro-Iran group

Next Post

Tao Thomsen and the effort to back up what makes Ukraine uniquely Ukrainian

Related Posts

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic
Avatar
Read More

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware

Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC. The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the
Avatar
Read More