Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

3 min read

Major ransomware attack disrupts Ardent Health Services, affecting 30 hospitals across six states

Major ransomware attack disrupts Ardent Health Services, affecting 30 hospitals across six states

Over the Thanksgiving weekend, a ransomware attack targeted Ardent Health Services, leading to widespread disruption across its network. This incident, identified on Thanksgiving morning, quickly escalated, impacting 30 hospitals in six states. 

As a result, Ardent Health Services, a prominent healthcare provider with facilities primarily in Texas, Oklahoma, New Mexico, Kansas, Idaho, and New Jersey, faced severe operational challenges and was compelled to shut down its entire network. 

While the move helped to contain the attack, it had immediate repercussions on hospital operations. Essential IT applications were taken offline, including corporate servers, Epic software, and clinical programs.

As investigations continue, the full extent of the attack's impact and the compromised data remains uncertain. As of today, most patient services have been restored. 


What happened

On Thanksgiving morning, Ardent Health Services experienced a ransomware attack, causing significant disruptions across its network of hospitals. The company's immediate response was to shut down its entire network to prevent further spread of the attack. This shutdown affected critical IT applications, including corporate servers, Epic software, and various clinical programs.

The attack's impact was felt across Ardent Health Services' operations, which include 30 hospitals and more than 200 sites of care in six states: Texas, Oklahoma, New Mexico, Kansas, Idaho, and New Jersey. Notably, Lovelace Health System in Albuquerque, New Mexico, Hackensack Meridian Health Mountainside Medical Center in Montclair, New Jersey, and UT Health East Texas were among the hospitals forced to alter their operations. These facilities, alongside others in Ardent's network, faced challenges such as the diversion of ambulances and the rescheduling of non-emergency procedures.

In response to the network shutdown, hospital staff had to quickly adapt to manual processes. For example, at the Mountainside Medical Center in New Jersey, nurses were reported to have printed out patient information to maintain continuity of care. This transition to paper-based systems was a significant shift from the usual digital operations.

Following the discovery of the attack, Ardent Health Services reported the incident to law enforcement and engaged with third-party forensic and threat intelligence advisors. The primary focus was on investigating the breach, assessing the extent of any compromised data, and working towards restoring their IT operations.


What they're saying

The company stated today, "Safely caring for patients remains our highest priority as we work to restore our systems that were impacted by the recent cybersecurity incident. We are working around the clock to bring systems back online as quickly and safely as possible, but our restoration and investigative work will take some time to complete. At this time, we do not have a timeline for full restoration.

"The vast majority of our clinics have resumed operations at this time. Out of an abundance of caution, some non-emergent procedures have been temporarily paused while we work to bring systems back online. Our teams are working directly with any patient whose appointment or procedure will need to be rescheduled. We understand the frustration this has caused and sincerely regret any inconvenience to our patients."

They note that as of November 30th, "all 25 emergency rooms are accepting patients by ambulance."


The impact

Facilities like Lovelace Health System in Albuquerque, Hackensack Meridian Health Mountainside Medical Center in Montclair, and several UT Health East Texas hospitals were compelled to alter their standard operating procedures.

Operational disruptions: The most visible effect of the attack was the diversion of ambulances and the rescheduling of elective procedures. These measures were necessary as the hospitals' digital systems, crucial for managing patient information and hospital operations, were taken offline. This disruption had a ripple effect on local emergency services and patients seeking care.

Adapting to the crisis: Hospital staff had to revert to manual, paper-based methods without digital record-keeping and communication systems. This transition required quickly adapting to a more time-consuming and potentially error-prone process. 

Continued patient care: Despite the cyberattack, Ardent Health Services emphasized that patient care continued safely and effectively. Clinics remained open, and hospitals provided medical screenings and stabilizing care for patients arriving at emergency rooms. 

Restoration efforts: In the aftermath of the attack, Ardent Health Services' immediate focus was on restoring its IT operations. Collaborating with cybersecurity experts and law enforcement, the company worked to secure its systems, assess the damage, and gradually bring services back online.


Why it matters

The ransomware attack on Ardent Health Services illustrates the growing risk of cyberattacks in the healthcare sector. Hospitals rely heavily on digital systems, making them susceptible to disruptions that can affect patient care and data security. The rapid escalation of the situation demonstrates how quickly such attacks can disrupt essential services.


The bottom line

The disruption caused by the ransomware attack not only affected hospital operations but also had a direct impact on patient care. Digital systems are integral to modern healthcare delivery, and the potential consequences when these systems are compromised can be life-threatening.

RelatedHIPAA Compliant Email: The Definitive Guide

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.