Ardent Health Services Infected with Ransomware; Patient Data Possibly at Risk

Ardent Health Services, one of the largest healthcare providers in the US, has suffered a hacker attack, forcing it to take systems offline and divert patients to other facilities.

The healthcare firm, based in Nashville, Tennessee, owns and operates hospitals in Oklahoma, New Mexico, Texas, Idaho, Kansas and New Jersey. According to Wikipedia, the company has 26,000 employees, 30 hospitals and over 200 sites of care in six states.

The company this week issued a statement saying hackers breached its systems on the morning of November 23 in what “has since been determined to be a ransomware attack.”

“The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality,” according to the press release.

In typical incident-response manner, Ardent took its network offline and suspended all access to its IT infrastructure, including corporate servers, Epic software, internet and clinical programs.

Ardent can’t confirm if any patient health or financial data was compromised, or how seriously it may have been affected, the notice warns. As is most often the case with ransomware, the attackers likely already copied some data before Ardent’s team took notice of the intrusion and severed access.

“In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics,” Ardent continues.

Some non-emergent, elective procedures are being rescheduled, while some emergency room patients are being diverted to other area hospitals until the matter clears up.

The memo indicates it will be a while before Ardent learns when it will restore normal operations and, perhaps more importantly, what data may be involved in this incident.

Since the company has confirmed it to be a ransomware attack, the attackers are likely already extorting the healthcare provider in exchange for deleting any stolen data.

If negotiations fail, ransomware operators typically resort to the name-and-shame approach, following with a threat to leak the data or sell it to the highest bidder.

Ardent has published a comprehensive FAQ on its website, addressing some of the questions patients most commonly ask about such events.

If you’re an Ardent customer, current or former, be wary of any suspicious emails or text messages involving your health or financial data.

Bitdefender Digital Identity Protection lets you instantly find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.

Bitdefender Identity Theft Protection covers damages and financial loss from identity theft, complete with identity theft restoration services, and insurance up to $2 million.