Ardent Health Services announced that it suffered a ransomware attack on the morning of Nov. 23, 2023. Nashville-based Ardent said it proactively took its network offline, suspending all user access to its IT applications, including corporate servers, Epic software, internet and clinical programs.
Through its subsidiaries, for-profit Ardent owns and operates 30 hospitals and more than 200 sites of care with more than 1,400 aligned providers in six states.
Ardent said it has reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. “In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised,” the company said.
While this incident has resulted in temporary disruption to certain aspects of its clinical and financial operations, Ardent stresses that patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics. “In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.”
Ardent said that MyChart and On-Demand Video Visits are temporarily unavailable.
The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent said it is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.
Among the impacted health facilities are Pascack Valley Medical Center in Westwood, N.J., and Mountainside Medical Center in Montclair, N.J., which are both part of the Hackensack Meridian Health system.
According to HIPAA Journal, 10-hospital UT Health East Texas and Portneuf Medical Center in Pocatello, Idaho, were hit by the attack that resulted in a network outage, which put emergency rooms on divert status.
The University of Kansas Health System St. Francis Campus also experienced a network outage due to the security incident. “Our team is working to assess the impact of this outage and restore access, and we will follow established downtime protocols as needed,” a statement from the health system said. “Patient care has not been adversely impacted. As a precaution, our Emergency Room is currently on divert status.”
Other Ardent subsidiaries reporting outages include BSA Health System in Amarillo, Texas, and Lovelace Health System in New Mexico.