Multistate health system recovering from T-day ransomware attack
Thirty-hospital, six-state Ardent Health Services spent Thanksgiving Day scrambling to contain a digital ransomware attack. A week later, the system is still working to assess the intrusion and repair any damage.
According to multiple reports, Ardent hospitals in Texas, New Jersey, New Mexico and Oklahoma had to divert ambulances and reschedule surgeries early on in the crisis. Ardent, which is backed by equity interests, also operates in Idaho and Kansas.
In a situation update posted Nov. 27, Ardent says it “cannot confirm the extent of any patient health or financial data that has been compromised.”
Ardent notes it proactively took its network offline as soon as the breach was discovered. Along with some clinical services, the deliberate downtime affected corporate servers, EMR software and websites.
The health system is assuring the communities it serves that the ongoing recovery activities will not keep it from delivering patient care in hospitals, emergency rooms and clinics.
“In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online,” the update reads.
More:
“The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.”
Cybersecurity expert Kiersten Todt, former chief of staff at the Cybersecurity and Infrastructure Security Agency, tells CBS News “there’s always the concern of loss of life” when hospitals have to shut down infrastructure networks due to attacks by cybercriminals.
“Malicious actors want to make money off of” the fear of physical harm to patients, Todt adds. “It's an economic model. The tragedy is that it’s an economic model that happens to capitalize on an infrastructure that is responsible for human lives.”
Media coverage of the Ardent ransomware episode has been broad.
Follow Ardent’s own updates here.