Brentwood, Tennessee-based Ardent Health Services, which operates 30 hospitals and has more than 200 sites of care across the country, has suffered a ransomware attack that has impacted hospitals in 6 states – Texas, Idaho, Kansas, New Jersey, New Mexico, and Oklahoma. The attack has resulted in emergency rooms being placed on divert, with new emergency patients redirected to alternate healthcare facilities. Without access to IT systems, some non-urgent elective surgeries have been canceled and will be rescheduled when access is restored to IT systems.

Several Ardent Health Services facilities had already announced over the Thanksgiving weekend that they were investigating network outages that started on Thanksgiving Day. Emergency downtime protocols had been implemented and patient information was being recorded using pen and paper due to the lack of access to IT systems and patient data. Ardent Health Services issued a statement on Monday confirming that the disruption had been caused by a ransomware attack.

Unauthorized activity was first detected on the morning of November 23, 2023, and it was subsequently determined to have been caused by a ransomware attack. At the time of writing, no ransomware group has claimed responsibility for the attack. Ardent said it immediately took its network offline, suspended user access to its technology applications, corporate servers, Epic EMR system, and its Internet and clinical programs, and implemented its downtime protocols.

The health system is working to restore access to its IT systems as quickly as possible and, in the meantime, ambulances are likely to remain on divert until its IT operations have been restored. There is also likely to be ongoing disruption to its clinical and financial operations; however, patient care continues to be provided safely and effectively in all of its hospitals. Third-party cybersecurity experts have been engaged to assist with the investigation and determine the scope of the attack and the extent to which patient data was compromised, and the incident has been reported to law enforcement. A time frame could not be provided for how long it will take to restore its IT systems and determine the extent, if any, that that patient data has been compromised.

The HIPAA Journal first reported outages at several hospitals early on Monday. Details of the affected hospitals can be found in this post.

The post Ardent Health Services Ransomware Attack Affects Hospitals in 6 States appeared first on HIPAA Journal.